Re: Debian audititing tool?
On Sat, Dec 23, 2000 at 10:35:26AM +1300, Carey Evans wrote:
> "Dan Hutchinson" <hutchinsond@zdnetonebox.com> writes:
>
> > Sorry I miss read your response.
> > Well you can get the source kernel and run it threw the fornesics program
> > then compile it possible.
> > Anyway it will help with open trojans and virus anyway.
>
> There's a couple of things that could go wrong here:
>
> - gcc could be modified to include a backdoor in the kernel,
> something like the way described here:
>
> http://www.acm.org/classics/sep95/
>
> - The trojan could be a Linux kernel module that hides itself from
> any system calls that might detect it, substituting innocuous code,
> and different MD5 checksums. You can easily find modules like this
> quite easily on the web.
>
That's why you run the checker from a known-good floppy or CD. The bogus
kernel can't protect itself if it isn't running :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: