On Tue, 01 Apr 2003 at 07:49:29PM +0200, David Barroso wrote:
> One reason is security:
> it's relatively easy for an intruder to install a kernel module based
> rootkit, and then hide her processes, files or connections.

Ahh, yea..... Assuming an intruder made his way in with root privs couldn't he also modify /dev/kmem or directly access the kernel memory by some other means? I believe this topic has also been discussed in the past (dig deep into the archives) and it was concluded that not allowing modules to be loaded does not really protect you from your kernel being modified at run-time.

--
Phil
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #35: Secretary plugged hairdryer into UPS