On 18-02-2014 23:00, Theo de Raadt wrote:
> This is total baloney. The way you are using the word rootkit, it could
> now refer to anything from a gardening shovel or anything else. Very
> very sloppy. In the Unix context, the word rootkit has a very specific
> meaning. You're using the word wrong. LD_PRELOAD provides NO BENEFIT
> here, because a person who has already gained the privs will use
> another method to retain them, because LD_PRELOAD is a visible and
> useless dead end!

Theo,

I'm using the word rootkit in the sense I've always known it: a malicious program installed *after* you have gained root access on a machine, whose sole purpose is to maintain the access while, at the same time, hiding the fact that it's being done:

http://en.wikipedia.org/wiki/Rootkit

Also, I mentioned in one of the first e-mails that there are much better ways to hide a rootkit. There is no doubt about that. We were only discussing whether it is indeed *possible* to have a rootkit using LD_PRELOAD on OpenBSD. Just that and nothing else.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC

