Re: [linux-security] Malicious Linux modules (fwd)

Johan Myréen (jem@vistacom.fi)
Fri, 10 Oct 1997 16:04:52 +0300 (EET DST)


> The implications should be obvious. Once a compromise has taken place,
> nothing can be trusted, the operating system included. A module such as this
> could be placed in /lib/modules/<kernel_ver>/default to force it to be loaded
> after every reboot, or put in place of a commonly used module and in turn
> have it load the required module for an added level of protection.

If an intruder gains root privileges, he can just as well put a
modified kernel image on the disk. The kernel image does not even
need to be visible in the file system; you can tell the boot
loader to load it from the hard disk "bad blocks" at the next
reboot.

> Be afraid. Be very afraid. ;)

Don't panic.

Johan Myreen
jem@iki.fi