On Fri, 1 Apr 2005, Jim Carter spake:
> A maximally paranoid sysop will disable module loading, but this gives only
> a small benefit in security, because having done a root exploit the hacker
> can write nefarious code into /dev/kmem, as easily as he can load an
> inimical module or install a hacked version of a userspace binary.

Not if you remove CAP_RAWIO from the bounding set. :)

-- 
This is like system("/usr/funky/bin/perl -e 'exec sleep 1'");
   --- Peter da Silva
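
A way to check for the mitigation described in the reply above, as an added example that is not part of the original thread. It assumes a kernel that exposes the per-process bounding set as `CapBnd` in `/proc/<pid>/status`, takes the capability to be `CAP_SYS_RAWIO` (bit 17 in `<linux/capability.h>`) and also checks `CAP_SYS_MODULE` (bit 16) for the module-loading case; the function names and sample masks are constructed for illustration.

```shell
#!/bin/sh
# Bit numbers from <linux/capability.h>.
CAP_SYS_MODULE=16   # needed to load kernel modules
CAP_SYS_RAWIO=17    # needed to open /dev/mem and /dev/kmem

# capbnd_of: read /proc/<pid>/status text on stdin, print the CapBnd hex mask.
capbnd_of() {
    awk '$1 == "CapBnd:" { print $2; exit }'
}

# cap_in_mask HEXMASK BIT: succeed if BIT is set in HEXMASK.
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# audit_bounding_set HEXMASK: report both capabilities; succeed only if
# neither is left in the bounding set.
audit_bounding_set() {
    leftover=0
    for pair in "CAP_SYS_MODULE:$CAP_SYS_MODULE" "CAP_SYS_RAWIO:$CAP_SYS_RAWIO"; do
        name=${pair%%:*}
        bit=${pair##*:}
        if cap_in_mask "$1" "$bit"; then
            echo "$name: still in bounding set"
            leftover=1
        else
            echo "$name: dropped"
        fi
    done
    return "$leftover"
}

# sample_status HEXMASK: constructed /proc/<pid>/status excerpt for offline use.
sample_status() {
    printf 'Name:\tinit\nCapBnd:\t%s\n' "$1"
}

# Constructed masks: every capability set, then bits 16 and 17 cleared.
echo "constructed sample, nothing dropped:"
audit_bounding_set "$(sample_status 000001ffffffffff | capbnd_of)" || true
echo "constructed sample, both dropped:"
audit_bounding_set "$(sample_status 000001fffffcffff | capbnd_of)" || true

# Audit the running shell when a Linux /proc is available.
if [ -r /proc/self/status ]; then
    live=$(capbnd_of < /proc/self/status)
    if [ -n "$live" ]; then
        echo "this process (CapBnd=$live):"
        audit_bounding_set "$live" || true
    fi
fi
```
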