Re: LKM rootkits in 2.6.x

From: Dave Jones
Date: Thu Mar 11 2004 - 20:00:02 EST

Next message: Neil Brown: "Re: 2.6.4-mm1"
Previous message: Bartlomiej Zolnierkiewicz: "Re: [PATCH] hdparm_X.patch (was: Re: 2.6.4-rc-bk3: hdparm -X locks up IDE)"
In reply to: Dax Kelson: "Re: LKM rootkits in 2.6.x"
Next in thread: Jirka Kosina: "Re: LKM rootkits in 2.6.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 11, 2004 at 05:51:33PM -0700, Dax Kelson wrote:
> On Thu, 2004-03-11 at 16:50, Dave Jones wrote:
> > On Thu, Mar 11, 2004 at 09:35:32PM +0100, Christophe Saout wrote:
> >
> > > > It _is_ forbidden. This isn't any kind of accident we are talking about,
> > > > this is out and out fraud.
> > >
> > > I'm talking about binary modules, not rootkits. Vendors aren't doing
> > > forbidden things, are they?
> > Yes.
> What Vendors and modules?

Most recent one I saw was some 'antivirus' filescanning module.
The name escapes me. It was mentioned on l-k at the time.
It wasn't the first by any means however. This trick has been used
since vendors stopped exporting sys_call_table.

Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Brown: "Re: 2.6.4-mm1"
Previous message: Bartlomiej Zolnierkiewicz: "Re: [PATCH] hdparm_X.patch (was: Re: 2.6.4-rc-bk3: hdparm -X locks up IDE)"
In reply to: Dax Kelson: "Re: LKM rootkits in 2.6.x"
Next in thread: Jirka Kosina: "Re: LKM rootkits in 2.6.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]