Shri Shrikumar:
> On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > In any case if you have an LKM rootkit, you're done, doesn't matter if
> > you upload static, dynamic or whatever, kernel root kits are hard to
> > find, not even lsmod, rmmod can help you because it is quite easy to
> > make a kernel module unloadable or even hidden, some of you may be
> > thinking that they are safe to those kind of attacks because they
> > have disabled kernel module support in their kernel, well they are
> > wrong :), there is code, and nice white papers explaining how to
> > insert kernel code through /proc/kmem, if I am not wrong Silvio
> > Cesare developed this technique two or three years ago, although it
> > hasn't been exploited too much you must be aware of its existence.
>
> I don't have module support and I don't have /proc/kmem. Am I missing
> something? Running 2.4.20.

I'm sure he meant /dev/kmem
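An added example, not part of the original messages: a small audit of the two routes into kernel code that the thread discusses, module loading and the /dev/kmem device, judged independently because turning one off says nothing about the other. The function name and its ROOT argument (a directory prefix, so the checks can run against a mounted image or a test tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the two routes into kernel code
# that the messages above discuss: loadable modules and /dev/kmem.
# The ROOT argument is an assumption of this example: it lets the same checks
# run against a mounted disk image or a test tree instead of the live system.

audit_kernel_entry_points() {
    root="${1:-}"
    modules="off"
    kmem="absent"

    # /proc/modules only exists on kernels built with module support.
    if [ -e "$root/proc/modules" ]; then
        modules="on"
        # kernel.modules_disabled=1 (on kernels that provide it) blocks any
        # further module loading until reboot.
        if [ "$(cat "$root/proc/sys/kernel/modules_disabled" 2>/dev/null)" = "1" ]; then
            modules="locked"
        fi
    fi

    # The kernel-memory device node. A live check would also confirm it is a
    # character device with [ -c ]; -e keeps the function testable on a
    # tree of plain files.
    if [ -e "$root/dev/kmem" ]; then
        kmem="present"
    fi

    echo "modules=$modules kmem=$kmem"

    # Module support off or locked says nothing about /dev/kmem, so each
    # route is judged on its own and either one open fails the audit.
    if [ "$modules" = "on" ] || [ "$kmem" = "present" ]; then
        return 1
    fi
    return 0
}

# Live use (as root, empty ROOT means "/"):  audit_kernel_entry_points ""
```

A result of `modules=off kmem=present` is the case the thread warns about: a kernel without module support that still exposes the memory device.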

