Hi!
On 15:37 Thu 19 Aug , Anuz Pratap Singh Tomar wrote:
> Hi all,
> I came across this page about possible security exploit in kernel modules.
> This page is very old(circa 1999), but it seems very interesting, I am
> wondering if this is any more relevant or all the holes are well patched
> now.
>
> http://www.packetstormsecurity.nl/docs/hack/LKM_HACKING.html#I.1.
What they are describing are called rootkits. They still exist today and you
do not even need to have loadable kernel modules enabled. There is also a tool
called chkrootkit, which tries to detect them. However, if your attacker has
gained root access, it pretty much means that you are doomed.
-Michi
--
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to [email protected]
Please read the FAQ at http://kernelnewbies.org/FAQ
