Re: [PATCH] Allow /dev/{,k}mem to be disabled to prevent kernel from being modified easily

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Sun Aug 03 2003 - 16:02:55 EST


On Sul, 2003-08-03 at 19:09, bert hubert wrote:
> up about Oppenheimer when disclaiming that you are 'just a coder'. The item
> to google on is: "ethics sweetness hydrogen bomb Oppenheimer"), I wrote
> a patch to disable /dev/kmem and /dev/mem, which is harmless on servers
> without X.

You can do this without modifications using the security interface
hooks. If you want to do it right with 2.4 or without security modules
you need to globally revoke CAP_SYS_RAWIO and CAP_SYS_MODULE otherwise
you merely made it harder.

> It blocks attempts by rootkits, such as devik's SucKIT, to hide themselves.
>
> It is not a final solution but it raises the bar a lot. Please apply.

Fine in theory but you can do this via security modules so it's better if
you write a security policy module for it.
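
Added example (not part of this message or of the patch under discussion): a C check that reports whether CAP_SYS_RAWIO and CAP_SYS_MODULE are still present in a capability bounding set, by parsing the CapBnd line of /proc/<pid>/status. It assumes a kernel that reports CapBnd there, which is newer than the 2.4 kernels in this thread; the function names and the sample status text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit positions as numbered in <linux/capability.h>. */
#define BIT_SYS_MODULE 16
#define BIT_SYS_RAWIO  17
#define STILL_MODULE 1   /* module loading still grantable */
#define STILL_RAWIO  2   /* raw I/O (/dev/mem, ioperm) still grantable */

/* Constructed samples: a default bounding set, one with only RAWIO dropped,
 * and one with both capabilities dropped. */
static const char SAMPLE_DEFAULT[]  = "Name:\tinit\nCapBnd:\t000001ffffffffff\n";
static const char SAMPLE_HALF[]     = "Name:\tinit\nCapBnd:\t000001fffffdffff\n";
static const char SAMPLE_HARDENED[] = "Name:\tinit\nCapBnd:\t000001fffffcffff\n";

/* Returns STILL_* flags for capabilities left in the bounding set,
 * 0 when both are revoked, -1 when no parseable CapBnd line exists. */
int audit_capbnd(const char *status)
{
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "CapBnd:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t') p++;
            if (!isxdigit((unsigned char)*p)) return -1;
            unsigned long long mask = strtoull(p, NULL, 16);
            int left = 0;
            if (mask & (1ULL << BIT_SYS_MODULE)) left |= STILL_MODULE;
            if (mask & (1ULL << BIT_SYS_RAWIO))  left |= STILL_RAWIO;
            return left;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int main(void)
{
    char buf[8192] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    int r = audit_capbnd(buf);
    if (r < 0) { fprintf(stderr, "no CapBnd line found\n"); return 2; }
    printf("CAP_SYS_MODULE: %s\n", (r & STILL_MODULE) ? "present" : "revoked");
    printf("CAP_SYS_RAWIO:  %s\n", (r & STILL_RAWIO) ? "present" : "revoked");
    return r ? 1 : 0;
}
```

A non-zero exit status means at least one of the two capabilities can still be held by a process, which is the "merely made it harder" case described above.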
