Re: BTTV detection broken in 2.4.0-test11-pre5

From: Alexander Viro (viro@math.psu.edu)
Date: Sun Nov 19 2000 - 09:49:50 EST

Next message: Keith Owens: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Previous message: David Lang: "Re: BTTV detection broken in 2.4.0-test11-pre5"
In reply to: David Lang: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Next in thread: Dan Hollis: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Reply: Dan Hollis: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 19 Nov 2000, David Lang wrote:

> there is a rootkit kernel module out there that, if loaded onto your
> system, can make it almost impossible to detect that your system has been
> compramised. with module support disabled this isn't possible.

Yes, it is. Easily. If you've got root you can modify the kernel image and
reboot the bloody thing. And no, marking it immutable will not help. Open
the raw device and modify relevant blocks.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Keith Owens: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Previous message: David Lang: "Re: BTTV detection broken in 2.4.0-test11-pre5"
In reply to: David Lang: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Next in thread: Dan Hollis: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Reply: Dan Hollis: "Re: BTTV detection broken in 2.4.0-test11-pre5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:17 EST