[13075] in bugtraq
Re: Announcement: Solaris loadable kernel module backdoor
daemon@ATHENA.MIT.EDU (Rainer Link)
Thu Dec 23 13:46:38 1999
Message-Id: <38614BBB.5F9BC427@foo.fh-furtwangen.de>
Date: Wed, 22 Dec 1999 23:07:55 +0100
Reply-To: Rainer Link <link@FOO.FH-FURTWANGEN.DE>
From: Rainer Link <link@FOO.FH-FURTWANGEN.DE>
X-To: pedward@webcom.com
To: BUGTRAQ@SECURITYFOCUS.COM
pedward@webcom.com wrote:
[cut]
> A simple approach for Linux would be something like this:
[cut]
> Any other ideas on preventing untrusted modules from being loaded or replaced
> and loaded as an existing 'trusted' module?
Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules are inserted, you can
lock any other insmod/rmmod by issuing an
echo 1 > /proc/sys/lids/lock_modules"
See http://www.soaring-bird.com.cn/oss_proj/lids/
HTH
best regards,
Rainer Link
--
Rainer Link, eMail: linkra@fh-furtwangen.de, WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/
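
Added example, not part of the original message or of the LIDS project: because the lock blocks every later insmod/rmmod, a boot script should confirm that the modules the host needs are already loaded before writing the lock. The function names and the MODULES_FILE/LOCK_FILE variables are hypothetical; the lock path is the one quoted in the message, and the script assumes the kernel lists loaded modules one per line, name first, in /proc/modules.

```shell
#!/bin/sh
# Added example: lock module loading only after the required modules are in.
# Assumed names (not from LIDS): MODULES_FILE, LOCK_FILE, module_loaded,
# lock_after_modules. Both paths can be overridden for testing.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
LOCK_FILE="${LOCK_FILE:-/proc/sys/lids/lock_modules}"

# module_loaded NAME: succeeds if NAME is the first field of a line in
# MODULES_FILE (the kernel reports names with underscores, not hyphens).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$MODULES_FILE"
}

# lock_after_modules MODULE...
# Returns 0 when the lock is set, 1 when a required module is missing
# (nothing is written), 2 when the lock file is absent or not writable,
# 3 when the write did not take effect.
lock_after_modules() {
    missing=""
    for mod in "$@"; do
        module_loaded "$mod" || missing="$missing $mod"
    done
    if [ -n "$missing" ]; then
        echo "not locking, modules not loaded:$missing" >&2
        return 1
    fi
    if [ ! -w "$LOCK_FILE" ]; then
        echo "cannot write $LOCK_FILE (patch not present, or not root)" >&2
        return 2
    fi
    echo 1 > "$LOCK_FILE" || return 2
    # Read the value back so a silently ignored write is reported.
    [ "$(cat "$LOCK_FILE")" = "1" ] || return 3
    echo "module insertion/removal locked"
}
```

Source the file and call, for example, lock_after_modules with the list of modules the host depends on; a non-zero status means the lock was not applied.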