Re: how to fix rootkit?

To: debian-security@lists.debian.org
Subject: Re: how to fix rootkit?
From: Michael Stummvoll <michael@stummi.org>
Date: Wed, 08 Feb 2012 20:15:35 +0100
Message-id: <4F32C9D7.30009@stummi.org>
In-reply-to: <1633362636.20120208195126@netzwerklabor.at>
References: <4F3237FA.1050206@lab127.karelia.ru> <20120208125104.GA18436@thangorodrim.de> <CAM7p17PMimBO-Ouu4gRy7L7PXWdy=a2jRhYo6Wq-J0OKY0DGPw@mail.gmail.com> <4F328178.40209@ulg.ac.be> <4F328961.4040006@advan-ce.hu> <CAM7p17Nv7iF9voVWVOocTq78dLn9S9O_61VgBfzWQNaDoSvaxw@mail.gmail.com> <4F32A8E5.1060806@stummi.org> <CAM7p17MyvsWKTd-CH0SDoDCCU5VxqLXW_cPSC=_JkhqUn3+Kzg@mail.gmail.com> <4F32C157.5090206@stummi.org> <1633362636.20120208195126@netzwerklabor.at>

Am 08.02.12 19:51, schrieb Jutta Zalud:
> Michael Stummvoll wrote:
> 
>> And who says, that the new binarys don't work in "compromized
>> mode", e.g. with a LD_PRELOAD? ;)
> 
>> you can't trust a compromized system, not even when you running
>> (or think you are running) own binaries. Who knows, what the
>> kernel does.
> 
> What exactly do you mean by "system"?

The Operating System.

As I understand Fernando he suggested to run extern self-compiled
binaries withing the compromized OS to be sure, and what i want to say
is that you can't be sure in this case.

Kind Regards,
Michael

Reply to:

Follow-Ups:
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>

References:
- how to fix rootkit?
  - From: "volk@lab127.karelia.ru" <volk@lab127.karelia.ru>
- Re: how to fix rootkit?
  - From: Alexander Schreiber <als@thangorodrim.de>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Leonor Palmeira <mlpalmeira@ulg.ac.be>
- Re: how to fix rootkit?
  - From: Repasi Tibor <repasi.tibor@advan-ce.hu>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Michael Stummvoll <michael@stummi.org>
- Re: how to fix rootkit?
  - From: Fernando Mercês <nandu88@gmail.com>
- Re: how to fix rootkit?
  - From: Michael Stummvoll <michael@stummi.org>
- Re: how to fix rootkit?
  - From: Jutta Zalud <ju@netzwerklabor.at>

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: how to fix rootkit?
Next by thread: Re: how to fix rootkit?
Index(es):
- Date
- Thread