Bugtraq mailing list archives

Re: Announcement: Solaris loadable kernel module backdoor

From: link () FOO FH-FURTWANGEN DE (Rainer Link)
Date: Wed, 22 Dec 1999 23:07:55 +0100


pedward () webcom com wrote:

[cut]

A simple approach for Linux would be something like this:

[cut]

Any other ideas on preventing untrusted modules from being loaded or replaced
and loaded as an existing 'trusted' module?

Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules inserteds, you can
lock any other insmod/rmmod by issuing a echo 1 >
/proc/sys/lids/lock_modules"

See http://www.soaring-bird.com.cn/oss_proj/lids/

HTH

best regards,
Rainer Link

--
Rainer Link, eMail: linkra () fh-furtwangen de, WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/

Current thread:

Re: SSH 1 Why?, (continued)
- - - Re: SSH 1 Why? Emiel Kollof (Dec 15)
    - Re: SSH 1 Why? Iván Arce (Dec 16)
    - Re: SSH 1 Why? R. J. Wysocki (Dec 18)
    - Groupewise Web Interface Sacha Faust Bourque (Dec 19)
    - Re: Groupewise Web Interface Raymond Dijkxhoorn (Dec 20)
    - Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
    - Announcement: Solaris loadable kernel module backdoor plasmoid (Dec 20)
    - Re: Announcement: Solaris loadable kernel module backdoor pedward () WEBCOM COM (Dec 21)
    - Re: Announcement: Solaris loadable kernel module backdoor Marc Esipovich (Dec 22)
    - Re: Announcement: Solaris loadable kernel module backdoor Steven Alexander (Dec 23)
    - Re: Announcement: Solaris loadable kernel module backdoor Rainer Link (Dec 22)
    - Re: Announcement: Solaris loadable kernel module backdoor Keith Owens (Dec 22)
    - Re: Groupewise Web Interface satherrl () MAILPOINT DSSRG CURTIN EDU AU (Dec 21)
    - Norton Email Protection Remote Overflow (Addendum) Matt Conover (Dec 20)
    - procmail / Sendmail - five bugs Michal Zalewski (Dec 23)
    - Re: procmail / Sendmail - five bugs Rob Jones (Dec 20)
    - Re: procmail / Sendmail - five bugs Michal Zalewski (Dec 22)
    - FTPPro insecuities The Wall (Dec 27)
    - serious Lotus Domino HTTP denial of service Alain Thivillon (Dec 21)
    - More details on the WU-FTPD configuration vulnerability. suid (Dec 21)
    - Microsoft Security Bulletin (MS99-058) Aleph One (Dec 21)

(Thread continues...)