Re: Announcement: Solaris loadable kernel module backdoor

From: Rainer Link (linkat_private-FURTWANGEN.DE)
Date: Wed Dec 22 1999 - 14:07:55 PST

Next message: David Malone: "Re: ftp conversions exploit"

Previous message: Microsoft Product Security Response Team: "Re: The money: protocol in Internet Explorer"
Maybe in reply to: plasmoid: "Announcement: Solaris loadable kernel module backdoor"
Next in thread: Marc Esipovich: "Re: Announcement: Solaris loadable kernel module backdoor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

pedwardat_private wrote:

[cut]
> A simple approach for Linux would be something like this:
[cut]
> Any other ideas on preventing untrusted modules from being loaded or replaced
> and loaded as an existing 'trusted' module?
Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules inserteds, you can
lock any other insmod/rmmod by issuing a echo 1 >
/proc/sys/lids/lock_modules"

See http://www.soaring-bird.com.cn/oss_proj/lids/

HTH

best regards,
Rainer Link

--
Rainer Link, eMail: linkra@fh-furtwangen.de, WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/

Next message: David Malone: "Re: ftp conversions exploit"
Previous message: Microsoft Product Security Response Team: "Re: The money: protocol in Internet Explorer"
Maybe in reply to: plasmoid: "Announcement: Solaris loadable kernel module backdoor"
Next in thread: Marc Esipovich: "Re: Announcement: Solaris loadable kernel module backdoor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:56 PDT