[Gllug] Hacker Attack
Nix
nix at esperi.org.uk
Sun Jan 8 19:22:27 UTC 2006
On Sat, 07 Jan 2006, Martin A. Brooks wrote:
> Nix wrote:
>> ... unless they're signed and the signing key is not on the machine, and
>> even then you can't trust your *kernel*
>
> If the machine has not been rebooted then you probably can trust your
> kernel.
If they have root and /dev/mem is enabled or module loading is possible,
then you can't trust it. (This is not necessarily the case, and it's
possible with a small patch to seal the kernel so that module loading is
impossible after a certain point, even for root... e.g. this is true on
my firewall.)
--
`I must caution that dipping fingers into molten lead
presents several serious dangers.' --- Jearl Walker
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list