
Re: I've been hacked by DevilSoul

On Mon, 14 Jan 2002, Dave Kline wrote:
> "OTOH, if somebody obtains root privileges, he can probably plant a 
> kernel in the swapfile and instruct the boot loader to load it on the 
> next reboot. AFAIK, most if not all checksumming tools don't deal 
> properly with such scenarios. "
> Quite a scary scenario.  How could one plant a file in swap?  How could 
> you access that file?

If swap is enabled, the kernel knows where it is swapping, so you have the
first part of the deal (assuming you will swapoff that swap partition/file).

For the bootloader part, it is very platform-dependent, and some (such
as grub) will be a pain in the ass if you only have swap partitions (as
opposed to swap files).

It IS possible, but it is much harder than piggybacking code on the kernel
without module support.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
