Re: another kconfig target for building monolithic kernel (for security) ?
From: devzero
Date: Sat Apr 29 2006 - 13:13:09 EST
hello !
do we need to have write access to /dev/kmem - especially on a server without X ?
iirc, write access can be disabled, for example with addons like grsecurity.
(don`t know what will be broken besides X, though)
regards
roland
> -----Ursprüngliche Nachricht-----
> Von: Dave Jones <davej@xxxxxxxxxx>
> Gesendet: 29.04.06 18:43:41
> An: devzero@xxxxxx
> CC: linux-kernel@xxxxxxxxxxxxxxx
> Betreff: Re: another kconfig target for building monolithic kernel (for security) ?
> On Sat, Apr 29, 2006 at 03:03:55PM +0200, devzero@xxxxxx wrote:
>
> > i want to harden a linux system (dedicated root server on the internet) by recompiling the kernel without support for lkm (to prevent installation of lkm based rootkits etc)
>
> Loading modules via /dev/kmem is trivial thanks to a bunch of tutorials and
> examples on the web, so this alone doesn't make life that much more difficult for attackers.
>
> Dave
>
> --
> http://www.codemonkey.org.uk
_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/