Well, ok..... There is a rootkit for Solaris that can hide itself from modinfo, so:

    166 feb9f2f6 194c 52 1 shmsys (System V shared memory)
    168 f9e062a4 13cc 207 1 pset (processor sets)
    -bash-3.00#

So, we have only the approximate address of this module in memory (according to the addresses of the previous and next modules). And we need somehow to determine the address of _fini() and unload this module; however, we don't have its id, and if we do unload -i 167 we get an error. Of course we can remove this module from autoloading on boot and then reboot the system, but imagine we can't do this. So, that's it!

This message posted from opensolaris.org
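The id-gap observation in the post above, as an added example that is not part of the original message: Python that parses captured modinfo output and reports every id missing between two listed modules, together with the neighbours that bracket it. The function names and the line for id 165 are constructed for illustration; a gap is a lead to investigate, not proof, because an id can also be absent for ordinary reasons such as a module that has been unloaded.

```python
import re

# Columns of a modinfo line: Id Loadaddr Size Info Rev ModuleName (description)
LINE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(\d+)\s+(\S+)"
    r"\s*(?:\((.*)\))?\s*$"
)

# Lines 166 and 168 are the ones quoted in the post; the header and the
# line for id 165 are constructed sample input.
SAMPLE = """\
 Id Loadaddr   Size Info Rev Module Name
165 feb9a000   2a10  53   1  semsys (System V semaphore facility)
166 feb9f2f6   194c  52   1  shmsys (System V shared memory)
168 f9e062a4   13cc 207   1  pset (processor sets)
"""

def parse_modinfo(text):
    """Return {id: (loadaddr, size, name)} for each module line; skip the rest."""
    mods = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            mods[int(m.group(1))] = (int(m.group(2), 16),
                                     int(m.group(3), 16),
                                     m.group(6))
    return mods

def id_gaps(mods):
    """Yield (missing_id, prev_id, next_id) for ids absent between listed ids."""
    ids = sorted(mods)
    for prev_id, next_id in zip(ids, ids[1:]):
        for missing in range(prev_id + 1, next_id):
            yield missing, prev_id, next_id

def report(text):
    """Return one human-readable line per missing id, naming its neighbours."""
    mods = parse_modinfo(text)
    out = []
    for missing, p, n in id_gaps(mods):
        out.append("id %d not listed: between %d %s @ 0x%x and %d %s @ 0x%x"
                   % (missing, p, mods[p][2], mods[p][0],
                      n, mods[n][2], mods[n][0]))
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)) or "no id gaps")
```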
