Исходное сообщение
"Новый способ внедрения rootkit в Linux ядро" Отправлено слыш, 15-Апр-09 22:59
>А что есть клоуны которые для сервера включает поддержку /dev/mem и дают >всем рутовый пароль? А есть клоуны способные выключиь поддержку /dev/mem ? grsecurity патч config GRKERNSEC_KMEM         bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"         help           If you say Y here, /dev/kmem and /dev/mem won't be allowed to           be written to via mmap or otherwise to modify the running kernel.           /dev/port will also not be allowed to be opened. If you have module           support disabled, enabling this will close up four ways that are           currently used  to insert malicious code into the running kernel.           Even with all these features enabled, we still highly recommend that           you use the RBAC system, as it is still possible for an attacker to           modify the running kernel through privileged I/O granted by ioperm/iop           If you are not using XFree86, you may be able to stop this additional           case by enabling the 'Disable privileged I/O' option. Though nothing           legitimately writes to /dev/kmem, XFree86 does need to write to /dev/m           but only to video memory, which is the only writing we allow in this           case.  If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they wi           not be allowed to mprotect it with PROT_WRITE later.           It is highly recommended that you say Y here if you meet all the           conditions above.