On Mon, Aug 04, 2003 at 11:37:57AM +0200, devik wrote:
> think about possibility to change syscall table with no previous
> knowledge. I replied with test code which is able to locate syscall table
> and kmalloc routine address using some statistics on /dev/kmem.
(...)
> I want to say that I'm not affiliated with SucKIT nor with cracking
> and rootkiting of servers. I'll try to convince mentioned hacker
> to remove my name from the kit as I'm tired of all the complaints :-(
>
> If you feel that I'm source of your problems then I'm sorry for it.
Ok - apologies for my needless rant in your direction. I guess I also just
felt bad for not upgrading my kernel in 450 days of uptime, if I did that, I
would not have been rooted in the first place.
Will try to avenge all this by implementing a nice LSM module for preventing
such malware from being able to deploy too easily :-)
Regards,
bert
-- http://www.PowerDNS.com Open source, database driven DNS Software http://lartc.org Linux Advanced Routing & Traffic Control HOWTO - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:23 EST