On Fri, Aug 20, 2010 at 10:48 AM, Michael Blizek < [email protected]> wrote:
> Hi!
>
> On 15:37 Thu 19 Aug , Anuz Pratap Singh Tomar wrote:
> > Hi all,
> > I came across this page about possible security exploit in kernel modules.
> > This page is very old (circa 1999), but it seems very interesting, I am
> > wondering if this is any more relevant or all the holes are well patched
> > now.
> >
> > http://www.packetstormsecurity.nl/docs/hack/LKM_HACKING.html#I.1.
>
> What they are describing are called rootkits. They still exist today and you
> do not even need to have loadable kernel modules enabled. There is also a tool
> called chkrootkit, which tries to detect them. However, if your attacker has
> gained root access, it pretty much means that you are doomed.

Well yes, with a rootkit installed, you are totally vulnerable.

One reason I asked about this tutorial was because while looking for stuff related to the kernel (or anything Linux related) you may come across a lot of tutorials, which are pretty good. But they were written a few years back and are no longer updated (or maintained). If some new user reads them, he may get the wrong idea of things. If I had the know-how to update this tutorial, I would have gone ahead.

One more point I would like to point out is that I got this link from Linux-sec.net, which has a lot of useful links related to Linux security, but again the site seems to be un-updated for long. There isn't any central location for finding info related to security issues in the kernel.

Regards
Anuz
