Hi guys :) Yesterday evening, while drinking a smooth ale and explaining something about a real kernel to a friend of mine who is uindoze addicted, I was thinking about /dev/kmem permission and kernel patching on the fly. The point is that an attacker could replace our beatiful and warm kernel with an "a doc" evil-cracker-image playing with /dev/kmem, of course after gaining root privileges. Using my module, AngeL, I deny /dev/kmem writing at kernel level and everything still works fine. So my question is... why /dev/kmem has write access to root user? Who needs writing in /dev/kmem ( I figured out that neither insmod or rmmod needs that )? Cheers, -- $>cd /pub $>more beer (0> //\ Perego Paolo <p_perego@modiano.com> - www.sikurezza.org/angel V_/_ 'It seems the hardest life I've never known' I'm Linux drow 2.4.19-4GB - SuSE Linux 7.3 (i386) powered.
Attachment:
signature.asc
Description: PGP signature
