David Brodbeck writes: > I'm thinking no. To alter any of the kernel files you'd need root > privileges, and if you have that, you can do 'mount /boot'. True for an intelligent cracker, but a trojan trying to patch the kernel isn't going to know to mount anything. -- John Hasler