Marko Randjelovic: > On Wed, 22 Jan 2014 12:24:27 +1100 > Russell Coker <[email protected]> wrote: > >> The possibility of LSM hooks being used to hide a kernel rootkit is >> widely cited. But most sysadmins aren't going to find a kernel >> rootkit anyway so using a non-LSM security system for that reason is >> trading off the real benefit of being able to save time and effort >> in maintaining systems for the probably impossible theoretical >> benefit of not using LSM. > > If I cannot prove there is a rootkit, then I cannot be sure there is a > rootkit, but neither can I be sure the is *not* a rootkit. And merely > because you cannot know you are secure, you *feel* insecure. > Furthermore, your computer may be abused to attack other computers, > even to make a botnet. And though you cannot know the attacker is > doing against your interests, neither you can know the opposite and > again, this generates feeling of insecurity.
I do not see which implications that has for LSM. > And if you neglect this, you are unconsciously submitting to the > aggressor. I am not aware of anybody here doing that. Cheers, Andreas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
