On Thu, Apr 16, 2009 at 11:55:05AM -0400, Michael S. Gilbert wrote:
> as seen in recent articles and discussions, the linux kernel is
> currently vulnerable to rootkit attacks via the /dev/mem device. one
> article [1] mentions that there is an existing patch for the problem,
> but does not link to it. perhaps this fix can be found in the kernel
> mailing lists.

There's no vulnerability there. /dev/mem is only writable by root. The research (if there's really any research involved) just shows how you could hide files or processes by manipulating /dev/mem. That's been known for ages. That's why you don't let your users write to /dev/mem. If the attacker has root, who cares what means they use to hide their presence? You've already lost.

noah
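The condition the reply above relies on, that raw-memory device nodes are writable by root only, can be audited with a short script. This is an added example, not part of the original post; the function names, the sample listing and gid 15 (standing in for a "kmem" group) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag raw-memory device nodes
# that someone other than root could write to.

# check_node MODE UID GID PATH
# MODE is octal as printed by `stat -c %a`; returns 0 when only root can write.
check_node() {
    m=$((0$1)); uid=$2; gid=$3; path=$4; rc=0
    if [ "$uid" -ne 0 ] && [ $(( $m & 0200 )) -ne 0 ]; then
        echo "$path: owner uid $uid (not root) has write access"; rc=1
    fi
    if [ "$gid" -ne 0 ] && [ $(( $m & 0020 )) -ne 0 ]; then
        echo "$path: group gid $gid has write access"; rc=1
    fi
    if [ $(( $m & 0002 )) -ne 0 ]; then
        echo "$path: world-writable"; rc=1
    fi
    return $rc
}

# audit_nodes: read "MODE UID GID PATH" lines on stdin, return 1 on any finding.
audit_nodes() {
    bad=0
    while read -r mode uid gid path; do
        [ -n "$path" ] || continue
        check_node "$mode" "$uid" "$gid" "$path" || bad=1
    done
    return $bad
}

# Constructed sample input; gid 15 is an assumed non-root "kmem" group.
SAMPLE='640 0 15 /dev/mem
660 0 15 /dev/kmem
666 0 0 /dev/port'

printf '%s\n' "$SAMPLE" | audit_nodes || echo "findings listed above"

# On a live system (GNU stat):
#   stat -c '%a %u %g %n' /dev/mem /dev/kmem /dev/port 2>/dev/null | audit_nodes
```

The script only checks file-mode write bits on the device nodes; read access granted to a group is a separate question it does not assess.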