Andrew Bennetts wrote:
You claimed:
o one can load kernel codes other than loadable kernel modules(LKM) that are
'enabled'. If you try to load an LKM that is not configured the Kernel will
not allow it. And because only a dozen or so LKMs are enabled instead of,
perhaps, hundreds LKMs, it is easy to manage these.
This is false, but you still haven't admitted that it was anywhere that I can see.
I dunno if anyone else has said this or not, but /dev/kmem and the joy of kernel exploits can allow an attacker to taint a kernel in ways that you simply cannot detect. Not to mention the fact that kernel modules are not signed or checksumed in any way so it is trivial to modify them on the disk so they are tainted on next reboot.
Trent -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
