Re: malware defense

Alex Belits (abelits@phobos.illtel.denver.co.us)
Fri, 3 Dec 1999 22:10:02 -0800 (PST)


On Fri, 3 Dec 1999, Jeffrey B. Siegal wrote:

> > How will it help if trojan already modified the kernel image?
>
> 1. Keep the kernel image on non-writable media as well.
>

I mean, in memory. AFAIK the Linux kernel can't run from ROM. And even if it
will run from ROM, data still should be in RAM.

> 2. If the kernel is compromised, then kernel-level protection doesn't help
> you either (the above was a reference to the claim that user-level daemons
> couldn't be trusted). You're screwed unless your defense is implemented
> in hardware (which is basically equivalent to putting the kernel and
> security daemons on non-writable media).

I assume that after an intruder/script/trojan/virus got root access, there
is nothing reasonable that can be done except wiping out and reinstalling
the system. IMNSHO efforts should be made only to prevent that from
happening, not to find a way to fight an already lost battle.

-- 
Alex

----------------------------------------------------------------------
Excellent.. now give users the option to cut your hair you hippie!
  -- Anonymous Coward
