Re: BTTV detection broken in 2.4.0-test11-pre5

From: Alexander Viro (viro@math.psu.edu)
Date: Sun Nov 19 2000 - 09:49:50 EST


On Sun, 19 Nov 2000, David Lang wrote:

> there is a rootkit kernel module out there that, if loaded onto your
> system, can make it almost impossible to detect that your system has been
> compramised. with module support disabled this isn't possible.

Yes, it is. Easily. If you've got root you can modify the kernel image and
reboot the bloody thing. And no, marking it immutable will not help. Open
the raw device and modify relevant blocks.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:17 EST