From: "Boyd Stephen Smith Jr."
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Managing my kernel
Date: Tue, 15 May 2007 15:06:00 -0500

On Tuesday 15 May 2007, Dan Farrell wrote about 'Re: [gentoo-user] Managing my kernel':
> On Tue, 15 May 2007 09:21:17 +0200
> Etaoin Shrdlu wrote:
> > On Tuesday 15 May 2007 03:57, Dan Farrell wrote:
> > > On Tue, 15 May 2007 12:33:22 +1200
> > > Mark Kirkwood wrote:
> > > > 2/ disables loadable modules completely
> > >
> > > But Why? What's the benefit?
> >
> > [S]ome rootkits
> > use LKMs, and removing loadable modules support might help to prevent
> > such attacks.
>
> I'd never heard of LKM rootkits, although the
> concept is I suppose a good one, as far as defeating security goes. I
> must say I'm not going to start worrying about it, but point taken

The (GPL'd) rootkit I was able to look at didn't even use LKMs, it simply
patched the kernel live via /proc/kcore. The version I saw probably
wouldn't work anymore, but LKMs aren't the only way a rootkit can take
hold.

-- 
Boyd Stephen Smith Jr.
bss03@volumehost.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.org/

-- 
gentoo-user@gentoo.org mailing list
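
The point made in the message above, that disabling loadable modules closes only one route into the running kernel, as an added example that is not part of the original message: a shell audit of a kernel .config that flags module support together with the kernel memory interfaces. The function names and the sample config are constructed for illustration; the list of Kconfig symbols is an assumption about what to check, and some of them (such as CONFIG_DEVKMEM) exist only on older kernels.

```shell
#!/bin/sh
# Added example: audit a kernel .config for interfaces that reach kernel memory.

# kconfig_value FILE SYMBOL -> prints y, m, or n (n when unset or absent)
kconfig_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# audit_kconfig FILE -> one finding per line: "<OK|WARN> <SYMBOL> ..."
audit_kconfig() {
    cfg=$1
    # Symbols that should be off on a locked-down host (assumed list).
    for entry in \
        "CONFIG_MODULES:loadable modules can add code to the running kernel" \
        "CONFIG_DEVKMEM:/dev/kmem exposes kernel virtual memory" \
        "CONFIG_DEVMEM:/dev/mem exposes physical memory" \
        "CONFIG_PROC_KCORE:/proc/kcore exposes the kernel memory image"
    do
        sym=${entry%%:*}; why=${entry#*:}
        if [ "$(kconfig_value "$cfg" "$sym")" = n ]; then
            echo "OK   $sym disabled"
        else
            echo "WARN $sym enabled: $why"
        fi
    done
    # STRICT_DEVMEM is the reverse: it should be on whenever /dev/mem exists.
    if [ "$(kconfig_value "$cfg" CONFIG_DEVMEM)" != n ] &&
       [ "$(kconfig_value "$cfg" CONFIG_STRICT_DEVMEM)" = n ]; then
        echo "WARN CONFIG_STRICT_DEVMEM disabled: /dev/mem is not restricted"
    fi
}

# Constructed sample: modules disabled, memory interfaces left enabled.
sample_config() {
    cat <<'EOF'
# CONFIG_MODULES is not set
CONFIG_DEVMEM=y
CONFIG_DEVKMEM=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_PROC_KCORE=y
EOF
}

demo() {
    tmp=$(mktemp) && sample_config > "$tmp" && audit_kconfig "$tmp"
    rm -f "$tmp"
}
demo
```

To audit a real kernel, pass its config to `audit_kconfig`, for example a copy of `/usr/src/linux/.config`.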