On October 3, 2003 06:27 am, Juha-Mikko Ahonen wrote:
> On Fri, 2003-10-03 at 15:02, gabriel wrote:
> > what if you disabled "loadable module support" in the kernel?
>
> Won't help you as it is possible to insert code directly into the kernel
> via /dev/kmem. Making the kernel memory read-only is an option for
> combating malicious kernel module injection. This can be done IIRC with
> grsecurity patches.
Yes, this is true. However, the grsecurity patch is an all-or-none approach:
either you deny writing to all of /dev/kmem, /dev/mem, and /dev/port, or you
deny writing to none. Preventing writing to /dev/mem can cause problems with
some applications: see http://www.cubik.ca/archives/gentoo-user/msg01495.html
for an example.

Regards,
Brian

-- 
I thought YOU silenced the guard!
[Public key available at http://www.cubik.ca/~brian/]
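The thread above compares two hardening knobs: dropping loadable module support, and locking the raw kernel-memory devices (/dev/kmem, /dev/mem, /dev/port) that a module-less attacker can still write through. The script below is an added example, not code from the thread or from grsecurity: a small POSIX shell audit that reports which of those write paths a box still exposes. It assumes Linux with GNU coreutils `stat`, and a readable kernel config at /boot/config-$(uname -r) for the live run; the function names and the two constructed config files used in the self-test are my own.

```shell
#!/bin/sh
# Added example (not from the thread): audit the raw kernel-memory write
# paths discussed above. Assumes Linux and GNU coreutils `stat`.

# kmem_config_status CONFIGFILE
# Prints one line per relevant kernel option. Returns 0 only when module
# loading is off, /dev/kmem is not built, and /dev/mem is restricted.
kmem_config_status() {
    cfg="$1"
    rc=0
    # gabriel's suggestion: no loadable modules. Closes insmod, not /dev/kmem.
    if grep -qx 'CONFIG_MODULES=y' "$cfg"; then
        echo "MODULES: loadable module support enabled"; rc=1
    else
        echo "MODULES: disabled"
    fi
    # The /dev/kmem path Juha-Mikko describes. CONFIG_DEVKMEM controls
    # whether the device exists on kernels that still offer it; the device
    # was removed entirely in Linux 5.13.
    if grep -qx 'CONFIG_DEVKMEM=y' "$cfg"; then
        echo "DEVKMEM: /dev/kmem present"; rc=1
    else
        echo "DEVKMEM: absent"
    fi
    # Unlike the all-or-none grsecurity switch Brian mentions, STRICT_DEVMEM
    # keeps /dev/mem usable for device/BIOS ranges but blocks kernel RAM.
    if grep -qx 'CONFIG_STRICT_DEVMEM=y' "$cfg"; then
        echo "STRICT_DEVMEM: /dev/mem limited to non-RAM ranges"
    else
        echo "STRICT_DEVMEM: /dev/mem can reach kernel RAM"; rc=1
    fi
    return $rc
}

# dev_node_writable PATH
# Returns 0 when the group or other write bit is set on the node, i.e. when
# an account other than the owner can open it for writing. (Root can write
# regardless of mode bits; that is what the kernel-side options are for.)
dev_node_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    # Peel the last two octal digits off the mode string: group, then other.
    oth=${mode#"${mode%?}"}
    tmp=${mode%?}
    grp=${tmp#"${tmp%?}"}
    [ $(( grp & 2 )) -ne 0 ] || [ $(( oth & 2 )) -ne 0 ]
}

# Live run against this machine (assumption: config lives under /boot).
# Skipped silently when the config file is not readable.
livecfg="/boot/config-$(uname -r)"
if [ -r "$livecfg" ]; then
    if kmem_config_status "$livecfg"; then
        echo "kernel-side raw memory writes: closed"
    else
        echo "kernel-side raw memory writes: at least one path open"
    fi
    for dev in /dev/mem /dev/kmem /dev/port; do
        [ -e "$dev" ] && dev_node_writable "$dev" && echo "$dev: group/other-writable"
    done
fi
```

Run it as root on the target; a clean result is three closed lines and no "group/other-writable" warnings. The config-file check is the one that matters for the thread's point: mode bits on /dev/kmem stop unprivileged users, but a root-level attacker who cannot insmod still writes kernel memory through the device unless the kernel itself refuses, which is exactly the gap the all-or-none grsecurity switch and the later STRICT_DEVMEM option close.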
