Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Announcement: Solaris loadable kernel module backdoor
From: link () FOO FH-FURTWANGEN DE (Rainer Link)
Date: Wed, 22 Dec 1999 23:07:55 +0100


pedward () webcom com wrote:

[cut]
A simple approach for Linux would be something like this:
[cut]
Any other ideas on preventing untrusted modules from being loaded or replaced
and loaded as an existing 'trusted' module?
Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules inserteds, you can
lock any other insmod/rmmod by issuing a echo 1 >
/proc/sys/lids/lock_modules"

See http://www.soaring-bird.com.cn/oss_proj/lids/

HTH

best regards,
Rainer Link

--
Rainer Link, eMail: linkra () fh-furtwangen de, WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault