On Fri, 2003-07-04 at 15:44, Thomas Lamy wrote:
> Shri Shrikumar:
> > On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > > In any case if you have an LKM rootkit, you're done, doesn't matter if
> > > you upload static, dynamic or whatever, kernel root kits are hard to
> > > find, not even lsmod, rmmod can help you because it is quite easy to
> > > make a kernel module unloadable or even hidden, some of you may be
> > > thinking that they are safe to those kind of attacks because they
> > > have disabled kernel module support in their kernel, well they are
> > > wrong :), there is code, and nice white papers explaining how to
> > > insert kernel code through /proc/kmem, if I am not wrong Silvio
> > > Cesare developed this technique two or three years ago, although it
> > > hasn't been exploited too much you must be aware of its existence.
> >
> > I don't have module support and I don't have /proc/kmem. Am I missing
> > something? Running 2.4.20.
> >
> I'm sure he meant /dev/kmem
Ok, I have that file. Can anyone point me in the direction of something
I can do to make it more difficult to exploit this?
Shri
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions Tel: 0845 644 4745
I.T. Consultant Edinburgh, Scotland Mob: 0773 980 3499
Web: www.urbyte.com Email: shri@urbyte.com
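
An added example, not part of the original messages: a shell audit of the exposure discussed in this thread. It reports which class of users the file mode lets open /dev/mem and /dev/kmem and, where the 2.4-era /proc/sys/kernel/cap-bound sysctl exists, whether CAP_SYS_MODULE and CAP_SYS_RAWIO are still in the capability bounding set. The function names are illustrative, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit exposure of the kernel-memory device nodes.
# Capability bit numbers are from <linux/capability.h>.
CAP_SYS_MODULE=16   # load/unload kernel modules
CAP_SYS_RAWIO=17    # required to open /dev/mem and /dev/kmem

# cap_in_set MASK BIT: is capability BIT still in bounding-set MASK?
# MASK may be negative: the 2.4 sysctl prints a signed integer (-257 by default).
cap_in_set() {
    if [ $(( $1 & (1 << $2) )) -ne 0 ]; then echo present; else echo dropped; fi
}

# classify_mode OCTAL: widest class of users the permission bits let in.
classify_mode() {
    m=$(( 0$1 ))                        # leading 0 makes the shell parse octal
    if   [ $(( m & 0006 )) -ne 0 ]; then echo world-accessible
    elif [ $(( m & 0060 )) -ne 0 ]; then echo group-accessible
    else echo owner-only
    fi
}

# audit_node PATH: absent | not-a-char-device | result of classify_mode.
audit_node() {
    if [ ! -e "$1" ]; then echo absent; return 0; fi
    if [ ! -c "$1" ]; then echo not-a-char-device; return 0; fi
    classify_mode "$(stat -c %a "$1")"  # GNU stat assumed
}

report() {
    for node in /dev/mem /dev/kmem; do
        echo "$node: $(audit_node "$node")"
    done
    bound=/proc/sys/kernel/cap-bound    # 2.4-era sysctl; absent on newer kernels
    if [ -r "$bound" ]; then
        mask=$(cat "$bound")
        echo "CAP_SYS_MODULE: $(cap_in_set "$mask" "$CAP_SYS_MODULE")"
        echo "CAP_SYS_RAWIO:  $(cap_in_set "$mask" "$CAP_SYS_RAWIO")"
    else
        echo "cap-bound: not available on this kernel"
    fi
}

report
```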