LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel modules are a convenience

kernel modules are a convenience

Posted Dec 18, 2011 15:53 UTC (Sun) by ranmachan (subscriber, #21283)
In reply to: kernel modules are a convenience by tialaramex
Parent article: First version of kmod released

<matrix style>
How do you inject a kernel module...
...if you don't have access to kernel memory?
</matrix style>

CONFIG_STRICT_DEVMEM=y

Though you still can just replace the kernel image and reboot into that.
However if you run on e.g. Xen you can prevent that as well, leaving only comparatively more easy to detect user-mode root kits (ignoring possible supervisor bugs or an insecure dom0).

(Log in to post comments)

kernel modules are a convenience

Posted Dec 18, 2011 18:45 UTC (Sun) by PaXTeam (subscriber, #24616) [Link]

> CONFIG_STRICT_DEVMEM=y

you'd think it does what you think it does but it doesn't... which pill did you take? ;)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds