[KLUG Members] A kernel Q
Adam Tauno WIlliams
adam at morrison-ind.com
Fri Sep 10 13:42:09 EDT 2004
> >The question of why someone would want to do the above is a valid
> >question.
> What, compile the modules into the Kernel and turn off module support? Ah,
> security comes to mind as a first justification.
I suppose, I find these kind of things rather dubious. To potentially
exploit the module loading mechanism you have to have already exploited
the box to gain local access - in other words: your already humped.
> This is one technique used by some building Linux based firewalls.
Some, but other like floppyfw support modules. Personally - I think if
you take away modules you make a much less useful product as adding a
feature you need becomes a much larger task.
More information about the Members
mailing list