[EMAIL PROTECTED] wrote:
On Tue, 01 Mar 2005 10:09:34 +1000, QuantumG <[EMAIL PROTECTED]> wrote:
I dunno if anyone else has said this or not, but /dev/kmem and the joy of kernel exploits can allow an attacker to taint a kernel in ways that you simply cannot detect. Not to mention the fact that kernel modules
Actually it was mentioned during the current thread, with a mention of articles
which demonstrate how it's done, if I remember correctly.
But your message made me wonder - is it practical to disable creation of
/dev/kmem?
Some good insights about /dev/kmem here from a hacker:
http://jclemens.org/knark/creed_interview1.html
And this one is interesting too, covers 2.4 kernels and not some old 2.0 exploits. It also has another reference to kmem in the references list.
http://www.phrack.org/phrack/61/p61-0x0a_Infecting_Loadable_Kernel_Modules.txt
I am truly amazed what these guys can do.
Mike -- Michael Lake Chemistry, Materials & Forensic Science, UTS Ph: 9514 1725 Fx: 9514 1460 [pls ignore idiot lawyer's msg below]
-- UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views the University of Technology Sydney. Before opening any attachments, please check them for viruses and defects. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
