From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Kd4vB-0001f0-Lz for mharc-grub-devel@gnu.org; Tue, 09 Sep 2008 11:14:25 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Kd4vA-0001eh-9m for grub-devel@gnu.org; Tue, 09 Sep 2008 11:14:24 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Kd4v8-0001dt-SG for grub-devel@gnu.org; Tue, 09 Sep 2008 11:14:24 -0400 Received: from [199.232.76.173] (port=41156 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Kd4v8-0001dq-Ol for grub-devel@gnu.org; Tue, 09 Sep 2008 11:14:22 -0400 Received: from moutng.kundenserver.de ([212.227.126.187]:56892) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1Kd4v8-0005PY-Gy for grub-devel@gnu.org; Tue, 09 Sep 2008 11:14:22 -0400 Received: from [85.180.49.137] (e180049137.adsl.alicedsl.de [85.180.49.137]) by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis) id 0ML25U-1Kd4v70uEf-0006SV; Tue, 09 Sep 2008 17:14:21 +0200 From: Felix Zielcke To: The development of GRUB 2 In-Reply-To: <1220972995.13372.8.camel@localhost> References: <200809090031.00315.Chris.Knadle@coredump.us> <1220972513.4222.21.camel@fz.local> <1220972995.13372.8.camel@localhost> Content-Type: text/plain; charset=utf-8 Date: Tue, 09 Sep 2008 17:14:20 +0200 Message-Id: <1220973260.4222.25.camel@fz.local> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V01U2FsdGVkX1/vwPGwb672oIrewvt/fk9rRwzNjXIhZ1HR9zJ gQK2TLz4fLJ+CM/sYqH7nT1wIvNWKiALjavN1gqidjbt4ZYuFx Aav5+OKvPswJWpKl++zCDfEUON0Znw8 X-detected-kernel: by monty-python.gnu.org: Linux 2.6? (barebone, rare!) Subject: RE: grub and root=label= X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Sep 2008 15:14:24 -0000 Am Dienstag, den 09.09.2008, 17:09 +0200 schrieb Javier Mart=C3=ADn: > In order to load modules you have to be root, so don't you think that if > someone gets to the point he would be able to load modules in your > server the battle is already lost? It's a easy way to get a bit more security. A kernel module can do a bit more then a normal root user process and more important it can hide things better. These rootkits could just do something like `rm -rf /' but they mainly do hiding processes so that this machine can get used for their stuff too. Ok they can reboot the machine and load there own kernel, but that's too obvious.