Re: [OT] Rootkit question

From: Måns Rullgård
Date: Mon Dec 01 2003 - 18:36:56 EST


"Richard B. Johnson" <root@xxxxxxxxxxxxxxxxxx> writes:

>> They seem to have PID 0, is this normal?
>
> Yes. These are kernel threads.

That doesn't necessarily rule out the possibility of them being evil.
If someone has taken control of the system, he could have loaded some
module that started a thread disguising itself under a common name.

--
Måns Rullgård
mru@xxxxxx
