On Sat, 19 Feb 2005 [EMAIL PROTECTED] wrote:

> On Fri, Feb 18, 2005 at 08:06:59PM -0500, Michael Stone wrote:
> > On Sat, Feb 19, 2005 at 09:42:48AM +1100, [EMAIL PROTECTED] wrote:
> > >yes - and I have been the victim of one of these (the 'suckit' rootkit).
> > >But at least using non-modular kernels prevents one class of attacks...
> >
> > Sure. At a fairly high cost in administrative overhead you can prevent
> > one fairly narrow category of attack (one which I've seen fail in the
> > field a *lot* because the kiddies run into problems of compatibility
> > between kernel versions). I have yet to see a convincing argument that
> > the dubious benefit justifies the cost.
>
> why, in particular, do you consider it to be a 'fairly high cost in
> administrative overhead'?

from my view ... of michael's comment:

i think "high costs" is:
  "how do i make my own custom kernel part of the security tasks" ??
  ( way, way too many people/corp run generic distro kernels and then
  complain later they've been [cr/h]acked )

if one knows how to make a kernel, it's 5 minutes to config and install it,
and otherwise, it can be 5hrs or 5 days for a newbie to make their own
custom kernel ??

removing kernel modules makes the problem more fun

protecting the kernel from exploits is one very small piece of the
security pie, of which the kernel modules are of dubious benefits in my book

fun stuff ..

c ya
alvin

- for now, i'm spending my nickel/time on sniffing which i think
  is a bigger problem than kernel modules and trying to detect
  the sniffers

