When SecureBoot is used, the kernel will disable loading modules, but you do not need SecureBoot to do so yourself.
SecureBoot can't come soon enough
Posted Nov 22, 2012 15:52 UTC (Thu) by raven667 (subscriber, #5198)
Although without checking of the bootloader you could create a grub module which would inject code or silently enable module loading as the kernel booted so that a rootkit could persist. And even with secureboot and disabling of unsigned module loading you can still inject code into the kernel using any kernel vulnerability accessible from userspace and use that to load a module or enable module loading.
It's good that most of these rootkits are clearly made by amateurs; what would a Linux rootkit look like if it had the professional resources of cyber-weapons like Stuxnet or Flame?
Posted Nov 22, 2012 16:40 UTC (Thu) by nix (subscriber, #2304)
(Perhaps you're infected already! Look behind you!)
Posted Nov 22, 2012 16:54 UTC (Thu) by dps (subscriber, #5725)
Real experts could just replace the kernel too but script kiddies can't. I can't afford to implement write protected /, /usr, kernel image, etc. If udev or systemd can't cope then I would use something simpler which can.
My personal firewall machine (original Pentium with 2 * 10/100 ethernet) uses a kernel that does not support modules, period. I don't need SecureBoot to stop you loading modules on that box :-)
Posted Nov 22, 2012 19:32 UTC (Thu) by Seegras (subscriber, #20463)
Aye. I've got no module-loading capability on my firewalls and servers either. For years.
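The thread above describes two ways of closing the module-loading door without SecureBoot: building the kernel with no module support at all, or flipping the one-way `kernel.modules_disabled` sysctl after the boot-time modules are in. The script below is an added example, not code from the thread or from any of the posters; it reports which of those states a machine is in and can lock module loading for the rest of the boot. It assumes a Linux host where `/proc/sys/kernel/modules_disabled` exists whenever the kernel was built with module support, and it takes the sysctl path as an optional argument so the logic can be exercised against a constructed file without root.

```shell
#!/bin/sh
# Added example (not from the LWN thread): audit and lock kernel module loading.
# kernel.modules_disabled is a one-way switch: once written to 1 it stays 1
# until reboot, so this belongs late in boot, after storage/network modules load.

# Classify the module-loading state. Reads the sysctl file given as $1
# (default: the real one) so it can be tested on a constructed file.
module_loading_state() {
    f="${1:-/proc/sys/kernel/modules_disabled}"
    if [ ! -e "$f" ]; then
        # A kernel built with CONFIG_MODULES=n has no such sysctl:
        # there is simply nothing to load (the "firewall box" case above).
        echo "no-module-support"
        return 0
    fi
    case "$(cat "$f")" in
        1) echo "locked" ;;     # loading already disabled for this boot
        0) echo "loadable" ;;   # root (CAP_SYS_MODULE) can still insert modules
        *) echo "unknown" ;;
    esac
}

# Lock module loading for the rest of this boot. Returns 0 when loading is
# disabled afterwards (or when the kernel has no module support), 1 otherwise.
# Equivalent to: sysctl -w kernel.modules_disabled=1
lock_module_loading() {
    f="${1:-/proc/sys/kernel/modules_disabled}"
    [ -e "$f" ] || return 0                  # nothing to lock on a module-less kernel
    [ "$(cat "$f")" = "1" ] && return 0      # already locked
    echo 1 > "$f" || return 1                # needs root on the real sysctl
    [ "$(cat "$f")" = "1" ]
}

# Stand-alone use: report the state; pass --lock (as root) to flip the switch.
echo "module loading: $(module_loading_state)"
if [ "${1:-}" = "--lock" ]; then
    lock_module_loading && echo "module loading: $(module_loading_state)"
fi
```

A useful check for a detection baseline is to record the output once at boot and alert if a host that should report `locked` ever reports `loadable` after its lock step has run, since that can only happen if the lock never ran or the machine was rebooted.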
Posted Nov 23, 2012 0:02 UTC (Fri) by mjg59 (subscriber, #23239)
Posted Nov 22, 2012 21:23 UTC (Thu) by paulj (subscriber, #341)
Copyright © 2013, Eklektix, Inc.