Allowed modules list

Posted Mar 18, 2004 7:01 UTC (Thu) by sweikart (guest, #4276)
In reply to: Allowed modules list by corbet
Parent article: A new Adore root kit

>In either case, however, you must contend with the fact that it is still 
>possible to patch code into the kernel without loading a module via /dev/mem.

To block access through /dev/mem, just drop the sys_rawio capability.  [You
might even be able to drop sys_rawio after starting X; I've only dropped it 
on servers.]

Some good references are:
   http://lwn.net/1999/1202/kernel.php3
   http://lwn.net/2000/0629/backpage.php3  # Subject: disabling module loading 
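
Added example, not part of the original comment: a C sketch that audits whether CAP_SYS_RAWIO is still in a process's capability bounding set and drops it for the calling process and its children. It uses `prctl(PR_CAPBSET_DROP)`, which appeared in Linux 2.6.25 and so postdates this 2004 comment (kernels of that era exposed a system-wide mask in `/proc/sys/kernel/cap-bound`). The helper names and the sample `/proc/<pid>/status` text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <sys/prctl.h>

#ifndef CAP_SYS_RAWIO
#define CAP_SYS_RAWIO 17   /* bit number, as defined in linux/capability.h */
#endif

/* Constructed sample of /proc/<pid>/status: bits 0..40 set except CAP_SYS_RAWIO. */
static const char SAMPLE_STATUS[] =
    "Name:\tsshd\n"
    "CapEff:\t000001fffffdffff\n"
    "CapBnd:\t000001fffffdffff\n";

/* Find "<field>:" at the start of a line and parse its hex mask.
   Returns 0 on success, -1 if the field is absent. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p != NULL && *p != '\0'; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            *mask = strtoull(p + n + 1, NULL, 16);  /* skips the tab */
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* 1 if capability number `cap` is set in `mask`, else 0. */
int mask_has_cap(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* Remove CAP_SYS_RAWIO from the caller's bounding set; children inherit the
   reduced set. Needs CAP_SETPCAP. Returns 0 on success, -1 with errno set. */
int drop_rawio(void) { return prctl(PR_CAPBSET_DROP, CAP_SYS_RAWIO, 0, 0, 0); }

int main(void)
{
    uint64_t bnd;
    if (parse_cap_field(SAMPLE_STATUS, "CapBnd", &bnd) == 0)
        printf("sample: CAP_SYS_RAWIO %s\n",
               mask_has_cap(bnd, CAP_SYS_RAWIO) ? "present" : "dropped");
    printf("self before: %d\n", prctl(PR_CAPBSET_READ, CAP_SYS_RAWIO, 0, 0, 0));
    if (drop_rawio() != 0) perror("PR_CAPBSET_DROP");
    printf("self after:  %d\n", prctl(PR_CAPBSET_READ, CAP_SYS_RAWIO, 0, 0, 0));
    return 0;
}
```

Run early in boot (for example from the init wrapper that starts a service) so every descendant inherits the reduced bounding set; a process started before the drop keeps its original set.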



Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds