5.5 Dynamic runtime kernel modification

Attack
  Phrack magazine, issue 58
  Modify kernel code through /proc/kcore, /dev/kmem

Defense
  CAP_SYS_RAWIO capability disabled by default

LOG
  LIDS: bash (dev 3:2 inode 80747) pid 4830 ppid 4826 uid/gid (0/0) on (ttyp) : violated CAP_SYS_RAWIO
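
Added example, not part of the original slides or of LIDS itself: a Python parser for the violation log format shown above that counts CAP_SYS_RAWIO denials per binary, so repeated attempts at raw kernel memory access stand out. The syslog prefix, the function names and every sample line other than the slide's own entry are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field layout follows the single LIDS log line shown on the slide.
LIDS_VIOLATION = re.compile(
    r"LIDS:\s+(?P<comm>\S+)\s+"
    r"\(dev\s+(?P<dev>\d+:\d+)\s+inode\s+(?P<inode>\d+)\)\s+"
    r"pid\s+(?P<pid>\d+)\s+ppid\s+(?P<ppid>\d+)\s+"
    r"uid/gid\s+\((?P<uid>\d+)/(?P<gid>\d+)\)\s+"
    r"on\s+\((?P<tty>[^)]*)\)\s*:\s*"
    r"violated\s+(?P<cap>CAP_[A-Z_]+)"
)

def parse_violation(line):
    """Return the fields of a LIDS capability violation as a dict, or None."""
    m = LIDS_VIOLATION.search(line)
    if m is None:
        return None
    event = m.groupdict()
    for name in ("inode", "pid", "ppid", "uid", "gid"):
        event[name] = int(event[name])
    return event

def rawio_denials(lines):
    """Count CAP_SYS_RAWIO denials per (command, dev, inode, uid)."""
    counts = Counter()
    for line in lines:
        e = parse_violation(line)
        if e and e["cap"] == "CAP_SYS_RAWIO":
            counts[(e["comm"], e["dev"], e["inode"], e["uid"])] += 1
    return counts

# Constructed sample input. The first entry is the slide's log line behind a
# hypothetical syslog prefix; the remaining lines are made up for this example.
SAMPLE_LOG = [
    "Jan  1 00:00:01 host kernel: LIDS: bash (dev 3:2 inode 80747) pid 4830 ppid 4826 uid/gid (0/0) on (ttyp) : violated CAP_SYS_RAWIO",
    "Jan  1 00:00:05 host kernel: LIDS: bash (dev 3:2 inode 80747) pid 4831 ppid 4826 uid/gid (0/0) on (ttyp) : violated CAP_SYS_RAWIO",
    "Jan  1 00:00:09 host kernel: LIDS: insmod (dev 3:2 inode 1234) pid 4900 ppid 4826 uid/gid (0/0) on (ttyp) : violated CAP_SYS_MODULE",
    "Jan  1 00:00:10 host sshd[100]: unrelated line",
]

if __name__ == "__main__":
    for key, n in rawio_denials(SAMPLE_LOG).items():
        print(n, key)
```

Keying on device and inode rather than the command name alone ties each denial to the binary on disk, which a renamed copy of a shell would not change.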