On Thu, 18 Dec 2003, martin f krafft wrote:
> I would be very interested, Russel, to hear your opinion about the
> claim that the LSM hooks are dangerous in terms of root kit
> exploits. Do you agree? If not, then please tell us what LSM
> precautions take care to prevent that.

Given the patch-the-kernel-directly exploits, and the module-based-exploits right now that work without even touching the LSM hooks, this question always looked quite misplaced to me every time I heard it...

Now, what I would like to have is a kernel that loads in all executable pages it might need, and locks itself out from ever loading or writing over any other executable pages [that would run in kernel context] again. This needs hardware support, of course, which I don't know if any of the commonly used architectures have...

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh