Hi,

David Barroso wrote:
> > * Marcin Owsiany ([EMAIL PROTECTED]) wrote:
> > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote:
> > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser
> > > wrote:
> > > > In a server environment, where there is no need to load modules at run-time,
> > > > it could be a "usable workaround", but, in a workstation machine, I don't
> > > > think that's a great idea.
> > >
> > > In a server environment it is preferable not to
> > > compile with modules at all.
> >
> > Why?
>
> One reason is security:
> it's relatively easy for an intruder to install a kernel-module-based
> rootkit, and then hide her processes, files or connections.
I have an "old" kernel with modules and didn't update it, because of the
ptrace bug. This is the reason why:

www1:~# grep CAP_SYS_MODULE /etc/lids/lids.cap
-16:CAP_SYS_MODULE
www1:~# grep CAP_SYS_PTRACE /etc/lids/lids.cap
-19:CAP_SYS_PTRACE

For fun I tried the exploit; it didn't work, it needs access to /proc.
I gave that user access to /proc and tried it again. The user got logged
out, and I got an email.

Regards,
Ralf Dreibrodt
--
Mesos                     Telefon 49 221 4855798-1
Eupener Str. 150          Fax     49 221 4855798-9
50933 Koeln               Mail    [EMAIL PROTECTED]
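As an added example, not part of the thread and not code from any of the posters or from the LIDS project: the two greps above generalize to a small POSIX shell audit of a lids.cap file. It reads the `+N:CAP_NAME` / `-N:CAP_NAME` lines (the `-16:CAP_SYS_MODULE` form quoted above, where `-` marks a capability LIDS has disabled) and reports every capability from a required-disabled list that is still enabled or absent. The sample file contents, and the handling of blank and `#` comment lines, are constructed assumptions for the example.

```shell
#!/bin/sh
# Audit a LIDS lids.cap file. Each line is "+N:CAP_NAME" (capability enabled)
# or "-N:CAP_NAME" (capability disabled), as in the grep output in the thread.
# Assumption (not from the thread): blank lines and '#' comment lines may occur.

# Constructed sample lids.cap for the example; not a file from any real host.
SAMPLE_LIDS_CAP=$(cat <<'EOF'
# constructed sample, not a real /etc/lids/lids.cap
+0:CAP_CHOWN
+7:CAP_SETUID
-16:CAP_SYS_MODULE
+17:CAP_SYS_RAWIO
-19:CAP_SYS_PTRACE
EOF
)

# lids_cap_state FILE CAP_NAME
# Prints "enabled", "disabled" or "missing" for CAP_NAME in FILE.
lids_cap_state() {
    file=$1
    cap=$2
    state=missing
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;        # skip blank lines and comments
        esac
        name=${line#*:}                 # text after the first ':' is the name
        [ "$name" = "$cap" ] || continue
        case $line in
            +*) state=enabled ;;
            -*) state=disabled ;;
        esac
    done < "$file"
    printf '%s\n' "$state"
}

# lids_check_disabled FILE CAP_NAME...
# Prints every listed capability that is not disabled (with its state) and
# returns 0 only if all of them are disabled.
lids_check_disabled() {
    file=$1
    shift
    rc=0
    for cap in "$@"; do
        s=$(lids_cap_state "$file" "$cap")
        if [ "$s" != disabled ]; then
            printf '%s: %s\n' "$cap" "$s"
            rc=1
        fi
    done
    return $rc
}

# Write the constructed sample to a temp file and audit the capabilities the
# thread is concerned with (module loading, ptrace) plus raw I/O.
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
printf '%s\n' "$SAMPLE_LIDS_CAP" > "$tmp"
lids_check_disabled "$tmp" CAP_SYS_MODULE CAP_SYS_PTRACE CAP_SYS_RAWIO \
    || echo "audit: some capabilities are still enabled"
```

On a LIDS host you would point `lids_check_disabled` at `/etc/lids/lids.cap` instead of the sample; on the constructed input it reports `CAP_SYS_RAWIO: enabled` and exits non-zero, while CAP_SYS_MODULE and CAP_SYS_PTRACE pass, matching the two greps in the post.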