On Tuesday 15 May 2007, Dan Farrell <[EMAIL PROTECTED]> wrote about 'Re: [gentoo-user] Managing my kernel':
> On Tue, 15 May 2007 09:21:17 +0200
> Etaoin Shrdlu <[EMAIL PROTECTED]> wrote:
> > On Tuesday 15 May 2007 03:57, Dan Farrell wrote:
> > > On Tue, 15 May 2007 12:33:22 +1200
> > > Mark Kirkwood <[EMAIL PROTECTED]> wrote:
> > > > 2/ disables loadable modules completely
> > >
> > > But Why? What's the benefit?
> >
> > [S]ome rootkits
> > use LKMs, and removing loadable modules support might help to prevent
> > such attacks.
>
> I'd never heard of LKM rootkits, although the
> concept is I suppose a good one, as far as defeating security goes. I
> must say I'm not going to start worrying about it, but point taken

The (GPL'd) rootkit I was able to look at didn't even use LKMs, it simply
patched the kernel live via /proc/kcore. The version I saw probably
wouldn't work anymore, but LKMs aren't the only way a rootkit can take hold.

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =.
[EMAIL PROTECTED]                         ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-'
http://iguanasuicide.org/                      \_/
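
The thread's point that disabling module support still leaves other routes into kernel memory can be checked against a kernel .config. This is an added example, not part of the original message; the CONFIG_* names are mainline Kconfig symbols that the thread itself does not mention, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel .config for the two
# footholds discussed above: module loading and raw kernel-memory interfaces.
# The CONFIG_* names are mainline Kconfig symbols; the thread names none.

# kconfig_state FILE SYMBOL: print y or m if set, n if "is not set" or absent.
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${state:-n}"
}

# audit_kconfig FILE: print one WARN line per risky option still enabled.
audit_kconfig() {
    cfg=$1
    while IFS='|' read -r sym msg; do
        if [ "$(kconfig_state "$cfg" "$sym")" = y ]; then
            printf 'WARN %s=y: %s\n' "$sym" "$msg"
        fi
    done <<'EOF'
CONFIG_MODULES|loadable kernel modules can be inserted at runtime
CONFIG_DEVKMEM|/dev/kmem gives root read/write access to kernel memory
CONFIG_PROC_KCORE|/proc/kcore gives root a readable image of kernel memory
EOF
    # /dev/mem is only a concern when present and not restricted.
    if [ "$(kconfig_state "$cfg" CONFIG_DEVMEM)" = y ] &&
       [ "$(kconfig_state "$cfg" CONFIG_STRICT_DEVMEM)" != y ]; then
        printf 'WARN CONFIG_STRICT_DEVMEM unset: /dev/mem is not restricted\n'
    fi
    return 0
}

# Constructed sample: modules are off, but memory interfaces remain.
sample_config() {
    cat <<'EOF'
# CONFIG_MODULES is not set
CONFIG_DEVMEM=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_DEVKMEM=y
CONFIG_PROC_KCORE=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_kconfig "$tmp"
rm -f "$tmp"
```

On a running kernel built with CONFIG_IKCONFIG_PROC, decompress /proc/config.gz to a file and pass that file to audit_kconfig.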