6

I recently read that NOT using loadable kernel modules could increase security. In my interpretation this consists of recompiling the kernel with only built-in kernel modules. (How to disable loadable kernel module support? - in various OSes, like Debian, Fedora, OpenBSD, etc.)

Q: Is this true? Or are there any workarounds for this? What are the OSes that could be used like this?

ps.: http://en.wikipedia.org/wiki/Loadable_kernel_module

LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
  • Making the kernel static, AND disabling support for loadable modules, would make it harder (more effort) for an attacker to install i.e. a rootkit module. – Dog eat cat world Jul 27 '11 at 00:07

3 Answers

7

NOT using loadable kernel modules could increase security.

Yes, the theory is as follows:

  • Attackers want to co-opt the kernel; that gives them more power and better ability to hide
  • Dynamic kernels allow malicious modules to be inserted, a handy interface for the attacker to co-opt the kernel
  • If the kernel is statically compiled, the attacker can't use this attack vector

There are several trade-offs which make this less than attractive in practice:

  • Dynamic kernels have introduced incredible flexibility, and there is no better way to learn that than to try and pin down the statically compiled kernel configuration that will actually run and do what you need. It's a big trial-and-error process.
  • Static kernels are not immune to having malicious code injected into them, so disabling the dynamic load capability does not completely erase the attack vector.

I think that compiling static kernels for security's sake was an idea that had its time, but its time has passed, and it's no longer a cost-effective security choice for most environments.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
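A way to check where a given Linux host actually stands on the question and on the theory laid out in the answer above, as an added example that is not code from the question, the answers, or any project they mention: it reads the running kernel's build configuration (assumed to be at /boot/config-$(uname -r) or /proc/config.gz) for CONFIG_MODULES, reads the kernel.modules_disabled sysctl (a one-way switch present since Linux 2.6.31 that stops further module loading until reboot, without the static-kernel recompile the answer describes), and lists what /proc/modules currently reports. The helper functions take their input on stdin or as arguments so they can be exercised on constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the original thread. Audits how far a Linux
# host has gone toward "no loadable modules" without recompiling anything:
#  - does the running kernel's build config have CONFIG_MODULES at all?
#  - has kernel.modules_disabled (one-way sysctl, Linux >= 2.6.31) been set?
#  - what is currently loaded according to /proc/modules?
# Assumed paths: /boot/config-$(uname -r) or /proc/config.gz for the config.

# Classify a kernel .config read from stdin.
modules_config_state() {
    cfg=$(cat)
    if printf '%s\n' "$cfg" | grep -qx 'CONFIG_MODULES=y'; then
        echo modular           # modules can be built and loaded
    elif printf '%s\n' "$cfg" | grep -qx '# CONFIG_MODULES is not set'; then
        echo builtin-only      # everything is linked into the kernel image
    else
        echo unknown           # option absent or config unreadable
    fi
}

# Interpret the kernel.modules_disabled value (0 or 1).
modules_disabled_state() {
    case "$1" in
        1) echo locked ;;      # no more module loading until reboot
        0) echo open ;;        # loading allowed for CAP_SYS_MODULE
        *) echo unknown ;;     # sysctl missing (old kernel) or unreadable
    esac
}

# Print the names of loaded modules from /proc/modules-format text on stdin
# (the first whitespace-separated field of each line is the module name).
loaded_module_names() {
    awk 'NF { print $1 }'
}

# Combine the two states: only a builtin-only kernel or a locked sysctl
# actually closes the module-loading path; anything else leaves it open.
module_vector_verdict() {
    case "$1/$2" in
        builtin-only/*) echo closed ;;
        */locked)       echo closed ;;
        *)              echo open ;;
    esac
}

# Live audit of the current host (prints a short report).
audit_host() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cstate=$(modules_config_state < "/boot/config-$(uname -r)")
    elif [ -r /proc/config.gz ]; then
        cstate=$(zcat /proc/config.gz | modules_config_state)
    else
        cstate=unknown
    fi
    dstate=$(modules_disabled_state "$(cat /proc/sys/kernel/modules_disabled 2>/dev/null)")
    echo "build config:            $cstate"
    echo "kernel.modules_disabled: $dstate"
    echo "module-loading path:     $(module_vector_verdict "$cstate" "$dstate")"
    if [ -r /proc/modules ]; then
        echo "loaded modules:"
        loaded_module_names < /proc/modules | sed 's/^/  /'
    fi
}

# Only run the live audit when asked to, so the functions can be sourced.
case "$1" in
    --audit) audit_host ;;
esac
```

Run it as `sh modaudit.sh --audit`; on distributions that make /boot/config-* root-only, run it as root. A verdict of "closed" obtained through the sysctl only lasts until the next boot, so it belongs in the boot sequence after every legitimately needed module has loaded, and, as the answer notes, neither variant removes other ways of getting code into a running kernel; it only removes the convenient module-loading interface.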
4

NOT using loadable kernel modules could increase security. Is this true?

Yes, but so will ripping out your network card and filling all your IO ports with epoxy[1]. However, I don't think you want to do that.

Depending on how you define it, most modern operating systems have dynamic kernel modules. I think Windows kernel-mode drivers qualify, as do Mac OS X kernel extensions.

The sad reality is that while kernel modules/extensions/drivers have vulnerabilities, your computer is far more likely to be compromised by using the same username and password on your local machine that you use on [facebook, google, stackexchange, etc], or not turning off a remote access service like tftp, rdp, ard, ftp, WebDAV, etc. There are certainly plenty of security issues on standard commercial computer systems, but I would make sure I had fixed the more commonly exploited issues before looking to rid my system of dynamic kernel modules.

[1] Yes, some companies actually do this, see Pod Slurping: additional measures, Securing USB Ports, and Acceptable Use Policies: paragraph 6.

this.josh
  • 8,843
  • 2
  • 29
  • 51
1

If cybersecurity was simply a matter of not doing dangerous things, then we would have solved the problem by now. But this would include turning off the Internet, which is the most dangerous thing of all, so maybe a little danger isn't so bad.

If a hacker has already broken into your Linux machine, one way he can elevate privileges is through loadable kernel modules. But there are a lot of other ways, as well. By trying to get rid of this (which you really can't, practically), the hacker will just choose another way. If you close off all ways, then you'll have an unusable brick of a system.

Instead of rare, bizarre cases like this, you should worry about the more common cases. Such as the way you always leave a # root prompt up on the system.

Robert David Graham
  • 3,883
  • 1
  • 15
  • 14