Re: BTTV detection broken in 2.4.0-test11-pre5

From: Gerd Knorr (kraxel@bytesex.org)
Date: Sun Nov 19 2000 - 12:36:25 EST


On Sun, 19 Nov 2000, David Lang wrote:

> there is a rootkit kernel module out there that, if loaded onto your
> system, can make it almost impossible to detect that your system has been
> compromised. with module support disabled this isn't possible.

Wrong. I've seen messages on bugtraq saying it is possible to "load"
modules into the kernel by patching /dev/kmem. Even for loading
custom modules the normal way the attacker needs root privileges (unless
you have a world-writeable /lib/modules...). If this is the case it is
too late anyway...

  Gerd
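
A defender-side check for the two preconditions named in the message above, as an added example that is not part of the original post: it lists entries under a module tree that someone other than a trusted owner could modify, and reports the mode of /dev/kmem if the node exists. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, trusted_uids=(0,)):
    """Return sorted (relative_path, reason) pairs for entries under root
    that someone other than a trusted owner could replace or modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no meaning on Linux
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if st.st_uid not in trusted_uids:
                findings.append((rel, "owner uid %d not trusted" % st.st_uid))
    return sorted(findings)

def device_mode(path="/dev/kmem"):
    """Return the ls-style mode string of path, or None if it does not exist."""
    try:
        return stat.filemode(os.lstat(path).st_mode)
    except FileNotFoundError:
        return None

def build_sample_tree():
    """Constructed sample: a fake module tree with one bad file and one bad dir."""
    root = tempfile.mkdtemp(prefix="modules-")
    drivers = os.path.join(root, "2.4.0", "kernel", "drivers")
    os.makedirs(os.path.join(drivers, "misc"))
    for name, mode in (("bttv.o", 0o644), ("extra.o", 0o666)):
        p = os.path.join(drivers, name)
        open(p, "wb").close()
        os.chmod(p, mode)          # explicit mode, independent of umask
    for dirpath, _dirs, _files in os.walk(root):
        os.chmod(dirpath, 0o755)
    os.chmod(os.path.join(drivers, "misc"), 0o777)
    return root

if __name__ == "__main__":
    for rel, why in audit_tree("/lib/modules"):
        print("/lib/modules/%s: %s" % (rel, why))
    print("/dev/kmem:", device_mode())
```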




This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:17 EST