[1648] in linux-security and linux-alert archive
[linux-security] Re: Malicious Linux modules
daemon@ATHENA.MIT.EDU (Christopher Hicks)
Tue Oct 14 02:29:38 1997
Date: Mon, 13 Oct 1997 09:34:11 -0400 (EDT)
From: Christopher Hicks <chicks@chicks.net>
To: linux-security@redhat.com
In-Reply-To: <9710121747.AA40774@cibs.sns.it>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Andrea Menucci proposed a set of kernel patchs and modules for protecting
a system from malicious modules. While I think that having a checksummed
list of trusted modules is a good idea. Using the kernel to prevent the
hard drive from being read, doesn't hold water. The assumption in most of
the malicious module attack scenarios is that the hacker places some
module as a backdoor once he has attained root. (I realize that there is
also a DoS attack, but that's not a module issue, not a Malicious module
issue.) Anyway, once you have root access there will be any number of
ways to access a device made read-only by the kernel. After a root
compromise, I'd still be back in the boat of having to reinstall the
entire machine to be sure no back doors were left.
BUT there are two solutions to this problem. One is to make a hard drive
physically read-only. But I don't see many hard drives with read only
jumpers any more. Progress. Or, you can burn your OS onto a CDR. Its
certainly not any more trouble than whatever you'd have to go through with
a module that wouldn't let you write to your hard drive. With bootable
CD-ROM's you don't even have to worry about hard drive boot-sector hacks.
</chris>
Neither Sweat, nor blood, nor frustration, or lousy manuals
nor missing parts, or wrong parts shall keep me from my task.
--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null