Security Incidents mailing list archives
RE: chkrootkit and LKM?
From: "Andrew Ruef" <jabberwocky () mediasoft net>
Date: Thu, 19 Jun 2003 23:34:59 -0400
Actually the best way to do that is to turn off module support within the kernel and then use some device (the grsecurity kernel patches and the StJude LKM both have these) to close down things like access to /dev/kmem, /dev/ports, privileged I/O, so on. This closes down other avenues for code to be loaded into the kernel.

A. Ruef

-----Original Message-----
From: Tim Greer [mailto:chatmaster () charter net]
Sent: Wednesday, June 18, 2003 12:22 PM
To: Rob Shein; 'Janus N. Tøndering'; incidents () securityfocus com
Subject: Re: chkrootkit and LKM?

----- Original Message -----
From: "Rob Shein" <shoten () starpower net>
To: "'Tim Greer'" <chatmaster () charter net>; "'Janus N. Tøndering'" <janus () bananus dk>; <incidents () securityfocus com>
Sent: Wednesday, June 18, 2003 12:47 AM
Subject: RE: chkrootkit and LKM?

This won't help if it's an LKM...LKM stands for "Linux Kernel Module,"

For some reason, I just saw 'chrootroot' and not LKM; hence my response. Anyway, I always recommend people not compile in loadable module support if they want a more secure kernel and to avoid this type of problem in the future.

--
Regards,
Tim Greer chatmaster () charter net
Server administration, security, programming, consulting.
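
The hardening recommended in both replies (no loadable module support, no /dev/kmem or I/O port device access) can be checked against a kernel build config. The script below is an added example, not part of the original thread: the option names (CONFIG_MODULES, CONFIG_DEVKMEM, CONFIG_DEVPORT, CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM) are those of mainline Linux and are an assumption about the kernel being audited, the sample configs are constructed, and flagging /dev/mem unless CONFIG_STRICT_DEVMEM is set is this example's own policy.

```shell
#!/bin/sh
# Added example. Audits a kernel build config (e.g. /boot/config-$(uname -r))
# for the code-loading avenues named in the thread. Option names are those of
# mainline Linux and are an assumption about the kernel being audited.

# config_state FILE OPTION -> prints the option's value, or "off" when it is
# absent or written as "# OPTION is not set".
config_state() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-off}"
}

# audit_kernel_config FILE -> one line per check; returns 1 if any finding.
audit_kernel_config() {
    rc=0
    for opt in CONFIG_MODULES CONFIG_DEVKMEM CONFIG_DEVPORT; do
        state=$(config_state "$1" "$opt")
        if [ "$state" = off ]; then
            echo "ok $opt"
        else
            echo "FINDING $opt=$state"; rc=1
        fi
    done
    # Example policy (assumption): /dev/mem counts as a finding unless
    # CONFIG_STRICT_DEVMEM=y restricts what it exposes.
    if [ "$(config_state "$1" CONFIG_DEVMEM)" != off ] &&
       [ "$(config_state "$1" CONFIG_STRICT_DEVMEM)" != y ]; then
        echo "FINDING CONFIG_DEVMEM without CONFIG_STRICT_DEVMEM"; rc=1
    else
        echo "ok CONFIG_DEVMEM"
    fi
    return "$rc"
}

# Constructed sample configs (not taken from any real system).
sample_modular() {
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_DEVMEM=y' \
        '# CONFIG_STRICT_DEVMEM is not set' 'CONFIG_DEVPORT=y'
}
sample_locked() {
    printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_DEVMEM=y' \
        'CONFIG_STRICT_DEVMEM=y' '# CONFIG_DEVPORT is not set'
}
```

After sourcing the file, `audit_kernel_config /boot/config-$(uname -r)` audits the running kernel's build config where the distribution ships one at that path.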