OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: Announcement: Solaris loadable kernel mod

Re: Announcement: Solaris loadable kernel module backdoor

Subject: Re: Announcement: Solaris loadable kernel module backdoor
From: Rainer Link (linkFOO.FH-FURTWANGEN.DE)
Date: Wed Dec 22 1999 - 16:07:55 CST

pedwardwebcom.com wrote:

[cut]
> A simple approach for Linux would be something like this:
[cut]
> Any other ideas on preventing untrusted modules from being loaded or replaced
> and loaded as an existing 'trusted' module?
Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules inserteds, you can
lock any other insmod/rmmod by issuing a echo 1 >
/proc/sys/lids/lock_modules"

See http://www.soaring-bird.com.cn/oss_proj/lids/

HTH

best regards,
Rainer Link 

--
Rainer Link, eMail: linkrafh-furtwangen.de, WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/

This archive was generated by hypermail 2b27 : Thu Dec 23 1999 - 12:02:23 CST