Re: another kconfig target for building monolithic kernel (forsecurity) ?

From: Arjan van de Ven
Date: Sat Apr 29 2006 - 17:24:13 EST

Next message: Alan Cox: "Re: better leve triggered IRQ management needed"
Previous message: Matthieu CASTET: "Re: [RFC] make PC Speaker driver work on x86-64"
In reply to: Dave Jones: "Re: another kconfig target for building monolithic kernel (for security) ?"
Next in thread: Nix: "Re: another kconfig target for building monolithic kernel (for security) ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2006-04-29 at 12:43 -0400, Dave Jones wrote:
> On Sat, Apr 29, 2006 at 03:03:55PM +0200, devzero@xxxxxx wrote:
>
> > i want to harden a linux system (dedicated root server on the internet) by recompiling the kernel without support for lkm (to prevent installation of lkm based rootkits etc)
>
> Loading modules via /dev/kmem is trivial thanks to a bunch of tutorials and
> examples on the web, so this alone doesn't make life that much more difficult for attackers.

/dev/kmem should be a config option too though

(and /dev/mem should get the filter patch that fedora has ;-)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: better leve triggered IRQ management needed"
Previous message: Matthieu CASTET: "Re: [RFC] make PC Speaker driver work on x86-64"
In reply to: Dave Jones: "Re: another kconfig target for building monolithic kernel (for security) ?"
Next in thread: Nix: "Re: another kconfig target for building monolithic kernel (for security) ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]