On Sun Aug 03, 2003 at 08:09:50PM +0200, bert hubert wrote:
> Greetings,
>
> After being gloriously rootkitted with a program coded by HTB author Martin
> Devera (lots of thanks, devik, your work is appreciated, I suggest you read
> up about Oppenheimer when disclaiming that you are 'just a coder'. The item
> to google on is: "ethics sweetness hydrogen bomb Oppenheimer"), I wrote
> a patch to disable /dev/kmem and /dev/mem, which is harmless on servers
> without X.
>
> It blocks attempts by rootkits, such as devik's SucKIT, to hide themselves.

Until the rootkit, already running as root, loads stuff as a
kernel module... Perhaps you should make this enforce that
people have CONFIG_MODULES=n,

-Erik
--
Erik B. Andersen             http://codepoet-consulting.com/
--This message was written using 73% post-consumer electrons--
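The point of the reply above, as an added example that is not part of the original thread or of the patch it discusses: a check that reports which root-to-kernel paths a given kernel `.config` leaves open, covering both the memory devices and module loading. It assumes a 4.0 or later config where `CONFIG_DEVMEM` exists, and uses option names from later mainline kernels (`CONFIG_DEVKMEM`, `CONFIG_DEVMEM`, `CONFIG_STRICT_DEVMEM`, `CONFIG_MODULE_SIG_FORCE`, the `kernel.modules_disabled` sysctl); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the paths raised in the thread
# (/dev/kmem, /dev/mem, loadable modules). Function names are hypothetical.
# cfg_on FILE OPTION -> exit 0 if OPTION is =y or =m in FILE
cfg_on() { grep -Eq "^$2=(y|m)\$" "$1"; }

# audit_kernel_paths FILE [MODULES_DISABLED]
# Prints one line per path; the return status is the number of OPEN paths.
audit_kernel_paths() {
    cfg=$1; locked=${2:-0}; open=0
    if cfg_on "$cfg" CONFIG_DEVKMEM; then
        echo "OPEN    /dev/kmem present (CONFIG_DEVKMEM)"; open=$((open + 1))
    else
        echo "CLOSED  /dev/kmem absent"
    fi
    if ! cfg_on "$cfg" CONFIG_DEVMEM; then
        echo "CLOSED  /dev/mem absent"
    elif cfg_on "$cfg" CONFIG_STRICT_DEVMEM; then
        echo "LIMITED /dev/mem: RAM access blocked (CONFIG_STRICT_DEVMEM)"
    else
        echo "OPEN    /dev/mem unrestricted"; open=$((open + 1))
    fi
    if ! cfg_on "$cfg" CONFIG_MODULES; then
        echo "CLOSED  modules (CONFIG_MODULES=n)"
    elif [ "$locked" = 1 ]; then
        echo "CLOSED  modules (kernel.modules_disabled=1)"
    elif cfg_on "$cfg" CONFIG_MODULE_SIG_FORCE; then
        echo "LIMITED modules: unsigned modules rejected"
    else
        echo "OPEN    module loading by root"; open=$((open + 1))
    fi
    return "$open"
}

# Constructed sample: memory devices removed, modules still loadable,
# which is the situation the reply describes.
sample_config() {
    cat <<'EOF'
# CONFIG_DEVKMEM is not set
# CONFIG_DEVMEM is not set
CONFIG_MODULES=y
# CONFIG_MODULE_SIG_FORCE is not set
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
audit_kernel_paths "$tmp" || echo "open paths: $?"
rm -f "$tmp"
```

On a live system the second argument can be taken from `/proc/sys/kernel/modules_disabled`.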