Signed modules, "Sealed" mode etc
Posted Mar 19, 2004 1:46 UTC (Fri) by AnswerGuy (guest, #1256)
In reply to: urgh by mattdm
Parent article: A new Adore root kit
There are various patches such as LIDS and (DSIGN?) that limit
allowed modules or "seal" the kernel after boot and refuse to let
modules load or do digital signature checks before linking into
loadable modules. (The capability bounding set is a coarse-grained
measure in this direction --- but it's the only one in a stock
kernel).
There are many countermeasures to each of the steps that any
rootkit takes. Of course they must be deployed before the
compromise! :(
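
The capability bounding set mentioned in the comment above can be audited from userspace. The script below is an added example, not part of the original comment: it reports whether CAP_SYS_MODULE is still in a process's bounding set. It assumes a kernel that exposes the set as the `CapBnd:` line of `/proc/<pid>/status` and that CAP_SYS_MODULE is capability number 16; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether module loading is still permitted by the
# capability bounding set (CAP_SYS_MODULE present) or has been dropped.

CAP_SYS_MODULE=16   # capability number from <linux/capability.h>

# Read status text on stdin, print the hex CapBnd mask.
# Fails if the line is missing or the value is not hex.
capbnd_mask() {
    awk '$1 == "CapBnd:" && $2 ~ /^[0-9a-fA-F]+$/ { print $2; found = 1 }
         END { exit !found }'
}

# Succeed if capability number $2 is set in hex mask $1.
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Read status text on stdin, print "allowed", "dropped" or "unknown".
module_cap_state() {
    mask=$(capbnd_mask) || { echo unknown; return 0; }
    if cap_in_mask "$mask" "$CAP_SYS_MODULE"; then
        echo allowed    # a root process can still load modules
    else
        echo dropped    # no process in this set can regain CAP_SYS_MODULE
    fi
}

# Constructed sample input in the layout of /proc/<pid>/status.
sample_status() {
    printf 'Name:\tinit\nCapBnd:\t%s\n' "$1"
}

# Demo on constructed masks: full set, then the same set with bit 16 cleared.
echo "full set:   $(sample_status 000001ffffffffff | module_cap_state)"
echo "bit 16 off: $(sample_status 000001fffffeffff | module_cap_state)"

# Live check of the current shell, when the file is available.
if [ -r /proc/self/status ]; then
    echo "this shell: $(module_cap_state < /proc/self/status)"
fi
```

A result of "dropped" covers only the capability check; it says nothing about other write paths into kernel memory.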