
Re: Debian auditing tool?



"Dan Hutchinson" <hutchinsond@zdnetonebox.com> writes:

> Sorry I misread your response.
> Well you can get the source kernel and run it through the forensics program
> then compile it possible.
> Anyway it will help with open trojans and virus anyway.

There's a couple of things that could go wrong here:

 - gcc could be modified to include a backdoor in the kernel,
   something like the way described here:

                  http://www.acm.org/classics/sep95/

 - The trojan could be a Linux kernel module that hides itself from
   any system calls that might detect it, substituting innocuous code,
   and different MD5 checksums.  You can find modules like this
   quite easily on the web.

-- 
	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

  "May not be representative of the experience of actual customers."
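
The second point in the message means checksums computed on the running system cannot be trusted on their own. The following is an added example, not part of the original message: it compares an `md5sum` manifest taken on the live system with one taken from the same disk while booted from trusted read-only media (that workflow is an assumption here), and all paths and digests are constructed.

```python
import re

# One line of `md5sum` output: 32 hex digits, a space, ' ' or '*', then the path.
MD5SUM_LINE = re.compile(r"([0-9a-fA-F]{32}) [ *](.+)")

def parse_manifest(text):
    """Parse md5sum-format text into {path: lowercase digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MD5SUM_LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"not an md5sum line: {line!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def cross_view(live, offline):
    """Report where the running system's view disagrees with the offline view."""
    common = set(live) & set(offline)
    return {
        # On disk, but the running system did not list it.
        "hidden_on_live": sorted(set(offline) - set(live)),
        # Listed by the running system, absent when read offline.
        "only_on_live": sorted(set(live) - set(offline)),
        # Same path, different bytes depending on who reads it.
        "content_differs": sorted(p for p in common if live[p] != offline[p]),
    }

# Constructed digests and paths, for illustration only.
H1, H2, H3, H4, H5 = ("1" * 32, "2" * 32, "3" * 32, "4" * 32, "5" * 32)
LIVE = f"{H1}  /bin/ls\n{H2}  /bin/ps\n{H3}  /bin/netstat\n"
OFFLINE = (
    f"{H1}  /bin/ls\n{H4}  /bin/ps\n{H3}  /bin/netstat\n"
    f"{H5}  /lib/modules/example/extra.o\n"
)

if __name__ == "__main__":
    report = cross_view(parse_manifest(LIVE), parse_manifest(OFFLINE))
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
```

Any entry in the report means the two views of the same disk disagree, which is what a module that filters reads would produce; an empty report does not prove the system is clean.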


