On Tue, 01 Apr 2003 13:57:10 EST, Phillip Hofmeister writes:
>Assuming an intruder made his way in with root privs couldn't he also
>modify /dev/kmem or directly access the kernel memory by some other
>means? I believe this topic has also been discussed in the past (dig
>deep into the archives) and it was concluded that not allowing modules
>to be loaded does not really protect you from your kernel being
>modified at run-time.

Not allowing modules to be loaded doesn't protect you in much the same way as a solid oak door with a 1" deadbolt doesn't make your house secure.

Security isn't an absolute all-or-nothing thing. More difficult to exploit == more secure. Less difficult to exploit == less secure.

Good security design is about making it "more secure". You don't try to make it completely secure, because that's impossible(*). You just make it more and more secure, until it is secure enough for the expected threats.

Somebody with a chainsaw, welding torch, and/or lots of explosives can break into my house, even with my solid oak door. I don't use this as an excuse to not bother locking my door.

---
Wade

*Some people think that a computer with no network or power at the bottom of a well that's been filled with concrete is secure. I don't think so, I think that it's just going to take a little digging before a cracker can break into it.