On Thu, 2003-01-30 at 17:33, Abhishek Singh wrote: > Is it possible for a netfilter hook registered during module insertion > time to be removed by a userspace application (such as iptables) without > the insertion of a new module? Yeah, remove all rules using it and rmmod the module. > What I am trying to do is implement a hook for secure packet processing > using netfilter. If however an attacker can remove this hook without > inserting a new module or compromising the kernel in some way then the > security level of this hook is compromised. You gotta be root to manipulate iptables. If a user could manipulate ANY iptables rules security would already be compromised because any user could fuck with firewall rules. HTH -- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D