[ale] Monolithic vs Modularised Kernels
J.M. Taylor
jtaylor at onlinea.com
Wed Jul 9 11:41:13 EDT 2003
John,
Well the idea is to mitigate. Yes of course if someone has r00t on your
box you're pretty screwed, but if they're doing rootkit type stuff it's
going to be some type of automated script. I don't know how many l33t
h4x0rs actually bother to log on to an owned box these days, seems like
most of what they're after unless you're an individual target is using you
for irc/DoS/upstream h4x0ring. Getting something into the kernel is in
many ways more powerful than even being root. And it's easier to remotely
load (or script the loading of) a module than it is to recompile the whole
kernel.
Also of course it helps prevent local privilege escalation running
amok...imagine a disgruntled employee in your IT dept getting root and
loading a keystroke logger module...even after you'd fired said individual
and dutifully changed your root password, they'd be logging all your new
stuff too and sending it to their hotmail acct. A kernel compile and
reboot would be noticed...a loaded kernel module is less likely.
It seems like such a little thing, but it's often the little things that
get overlooked and wind up making you wish you'd taken up llama farming
instead.
Of course, I have been called paranoid before...
:)
jenn
John Wells said:
> Raju said:
>> I am inclined at this point towards monolithic kernel from a security
>> perspective, but need to find a balance of course. No fancy LKMs
>> (Loadable Kernel Modules) for those kiddies to play with ;-).
>
> Hmmm...to load modules into the kernel, you have to be root. So, if a
> 1337 h4X0r is able to load a module, you're probably already pretty
> screwed.
>
> Or am I missing something?
>
> John
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
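A baseline check in the spirit of the thread (spotting a module that nobody expected, such as the keystroke logger Jenn describes), added here as an example and not part of the original post. The /proc/modules snapshot and the baseline list are constructed sample data, and the module name klogger is a placeholder.

```shell
#!/bin/sh
# Added example: compare the modules a kernel reports in /proc/modules
# against a known-good baseline so that an unexpected module stands out.
# The snapshot below is constructed, in 2.6-style /proc/modules format
# (name size refcount dependencies state address); only the first column
# (the module name) is used.

BASELINE="ext3 jbd e1000 ipv6"

# Constructed snapshot; "klogger" is a placeholder not in the baseline.
SAMPLE_MODULES='ext3 70808 2 - Live 0xf8a00000
jbd 32760 1 ext3, Live 0xf89e0000
e1000 73612 0 - Live 0xf8a30000
ipv6 229344 10 - Live 0xf8b00000
klogger 5120 0 - Live 0xf8c00000'

# Print the module names (first column) of a /proc/modules-formatted text.
module_names() {
    printf '%s\n' "$1" | awk '{ print $1 }'
}

# Print every loaded module that is absent from the baseline list.
unexpected_modules() {
    loaded=$1
    baseline=$2
    for m in $(module_names "$loaded"); do
        found=0
        for b in $baseline; do
            [ "$m" = "$b" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$m"
    done
    return 0
}

# Map the value of /proc/sys/kernel/modules_disabled (1 once module
# loading has been switched off for the rest of the uptime) to a word.
# The value is passed in so the check is testable without the live file.
module_loading_state() {
    case "$1" in
        1) echo "disabled" ;;
        *) echo "enabled" ;;
    esac
}

unexpected_modules "$SAMPLE_MODULES" "$BASELINE"
module_loading_state "$(cat /proc/sys/kernel/modules_disabled 2>/dev/null || echo 0)"
```

On a live box, replace the constructed snapshot with `cat /proc/modules` and keep the baseline from a freshly built machine.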