Re: rootkit not found by rkhunter

To: debian-security@lists.debian.org
Subject: Re: rootkit not found by rkhunter
From: Noah Meyerhans <noahm@debian.org>
Date: Thu, 8 Oct 2009 12:23:37 -0400
Message-id: <[🔎] 20091008162337.GB22686@morgul.net>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] slrnhcrb0b.36j.joerg@alea.gnuu.de>
References: <[🔎] 20091004141535.GA23593@openlib.org> <[🔎] 20091004110747.4b289a37.michael.s.gilbert@gmail.com> <[🔎] 20091004154452.GB23636@openlib.org> <[🔎] 20091004161048.GS22686@morgul.net> <[🔎] slrnhcrb0b.36j.joerg@alea.gnuu.de>

On Thu, Oct 08, 2009 at 09:08:31AM +0000, Jörg Sommer wrote:
> > You need to make sure that the machine actually gets rebooted when
> > security updates are made.
> 
> I thought for security fixes in modules it's enough to update/replace
> the module. Isn't it?

No.  If the module is already loaded in memory, then overwriting the
file isn't going to help.  The vulnerability is in memory.  Of course,
if the module is not actually loaded, then ovewriting the file is OK.

noah

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: rootkit not found by rkhunter
  - From: Jörg Sommer <joerg@alea.gnuu.de>

References:
- rootkit not found by rkhunter
  - From: Thomas Krichel <krichel@openlib.org>
- Re: rootkit not found by rkhunter
  - From: Michael S Gilbert <michael.s.gilbert@gmail.com>
- Re: rootkit not found by rkhunter
  - From: Thomas Krichel <krichel@openlib.org>
- Re: rootkit not found by rkhunter
  - From: Noah Meyerhans <frodo@morgul.net>
- Re: rootkit not found by rkhunter
  - From: Jörg Sommer <joerg@alea.gnuu.de>

Prev by Date: Re: [SRM] clamav 0.94.x EOL
Next by Date: Re: [SRM] clamav 0.94.x EOL
Previous by thread: Re: rootkit not found by rkhunter
Next by thread: Re: rootkit not found by rkhunter
Index(es):
- Date
- Thread