sslug-teknik team mailing list archive
Message #12635
Security hole in the module system
Quote from http://www.kt.opensrc.org/kt19990830_32.html
In short: if a cracker gains access to your machine, it is REALLY easy to
load a module that will give him/her access again, and hide that they are
there, by modifying system calls in the running kernel. It can all be done
with a single module that just needs to be loaded.
The short-term solution must be to avoid using modules, that is, compile
the hardware support you need into the kernel.
You are of course not safe from cracker visits just because you don't use
modules, but it is harder for them to hide if you don't have loadable
modules.
And NO, it does not help to reboot, since you can autoload modules at
boot...
Links of interest:
http://www.kt.opensrc.org/kt19990830_32.html
http://www.geog.ubc.ca/snag/bugtraq/msg00788.html
http://www.phrack.com/search.phtml?view&article=p52-18
ion++
Subject: Disabling module loading with a module?
There was an interesting discussion of Linux security problems, and several
interesting URLs were published, detailing some Linux exploits. Sven Koch
gave a pointer to http://www.phrack.com/search.phtml?view&article=p52-18,
which gives in-depth explanations (including code) of how to maintain
control of a Linux system once it's been cracked. Elsewhere, Herve MORILLON
gave a pointer to http://www.geog.ubc.ca/snag/bugtraq/msg00788.html, which
goes into depth on ways an attacker can totally cover their traces once
they've cracked a Linux system.
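The short-term mitigation from the message above (no module support, needed hardware support compiled in), as an added example that is not part of the original post: a shell audit of a kernel .config. The sample configuration is constructed and the function names are hypothetical; CONFIG_MODULES and CONFIG_KMOD are the kernel's options for module support and the kernel module loader.

```shell
#!/bin/sh
# Audit a kernel .config for the mitigation in the message above:
# no loadable-module support, needed drivers built in (=y).

# Constructed sample configuration, not taken from a real system.
sample_config() {
cat <<'EOF'
CONFIG_MODULES=y
CONFIG_KMOD=y
CONFIG_EXT2_FS=y
CONFIG_NE2K_PCI=m
CONFIG_SOUND=m
# CONFIG_ISDN is not set
EOF
}

# List every option that is currently built as a loadable module.
modular_options() {
    sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p' "$1"
}

# Succeed only if the config has module support switched off.
modules_disabled_in_config() {
    ! grep -q '^CONFIG_MODULES=y$' "$1"
}

# Print a hardened config: module support and the module loader off,
# options named after the file built in, every other =m option dropped.
harden_config() {
    cfg=$1; shift
    awk -v needed=" $* " '
        /^CONFIG_(MODULES|KMOD)=y$/ { sub(/=y$/, ""); print "# " $0 " is not set"; next }
        /^CONFIG_[A-Za-z0-9_]+=m$/ {
            name = $0; sub(/=m$/, "", name)
            if (index(needed, " " name " ")) print name "=y"
            else print "# " name " is not set"
            next
        }
        { print }
    ' "$cfg"
}

# Demo on the constructed sample; CONFIG_NE2K_PCI stands in for needed hardware.
demo=$(mktemp)
sample_config > "$demo"
echo "Built as modules:"; modular_options "$demo"
echo "Hardened config:"; harden_config "$demo" CONFIG_NE2K_PCI
rm -f "$demo"
```

Anything the audit lists as =m and that is not named as needed ends up disabled, so the list of needed options has to be complete before the kernel is rebuilt.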