From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.54)
	id 1FCcAf-0005Yd-My
	for garchives@archives.gentoo.org; Fri, 24 Feb 2006 12:35:42 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.5/8.13.5) with SMTP id k1OCXu6c011461;
	Fri, 24 Feb 2006 12:33:56 GMT
Received: from www.glei.ch (ns1.glei.ch [193.192.247.6])
	by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id k1OCXuo1000064
	for <gentoo-hardened@lists.gentoo.org>; Fri, 24 Feb 2006 12:33:56 GMT
Received: from apache by www.glei.ch with local (Exim 4.54)
	id 1FCc8y-0001H6-Hh
	for gentoo-hardened@lists.gentoo.org; Fri, 24 Feb 2006 13:33:56 +0100
Message-ID: <20060224133356.ejhphojqy04c4wks@sicher.immerda.ch>
X-Priority: 3 (Normal)
Date: Fri, 24 Feb 2006 13:33:56 +0100
From: Peter Meier <peter.meier@immerda.ch>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] kernel-guard
References: <43FEE1D4.1000903@struck.lu> <20060224122635.GA285@home.power>
In-Reply-To: <20060224122635.GA285@home.power>
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain;
	charset=ISO-8859-1;
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.4)
X-Archives-Salt: 8a19011b-b2c2-49d6-9e35-6d626dfac403
X-Archives-Hash: 5b9f8e21dbef7ffa7c3c5adbc3414624

>> Amir Alsbih, who found out how to write a rootkit for the 2.6 series of
>> the Linux kernel, now proposes a module, which uses the same method to
>> prevent any other module to load into memory.
>
> Last version of hardened-sources has GrSecurity option for this:

in general for servers it is a good idea to disable the function of 
loading modules in the kernel. this means that you have to compile all 
in your kernel, but never have the problems of such rootkits.

greets pete
-- 
gentoo-hardened@gentoo.org mailing list