On Wed, 22 Jan 2014 12:24:27 +1100 Russell Coker <[email protected]> wrote:
> The possibility of LSM hooks being used to hide a kernel rootkit is widely > cited. But most sysadmins aren't going to find a kernel rootkit anyway so > using a non-LSM security system for that reason is trading off the real > benefit of being able to save time and effort in maintaining systems for the > probably impossible theoretical benefit of not using LSM. If I cannot prove there is a rootkit, then I cannot be sure there is a rootkit, but neither can I be sure the is *not* a rootkit. And merely because you cannot know you are secure, you *feel* insecure. Furthermore, your computer may be abused to attack other computers, even to make a botnet. And though you cannot know the attacker is doing against your interests, neither you can know the opposite and again, this generates feeling of insecurity. And if you neglect this, you are unconsciously submitting to the aggressor. -- Education is a process of making people see what is advanced and not obvious, but also not see what is basic and obvious. http://markorandjelovic.hopto.org -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
