Dailydave mailing list archives
Re: DR Linux 2.6 rootkit released
From: Valdis.Kletnieks () vt edu
Date: Thu, 04 Sep 2008 20:14:25 -0400
On Fri, 05 Sep 2008 01:45:33 +0430, Mohammad Hosein said:
I'm probably 2-3 days away from examining this myself, but if anyone out there has ideas on how this whole debug register hooks and stuff would react on "hardened" kind of kernels (like the one Gentoo offers) let us
You'd probably need to examine each "hardened" kernel to see if their particular mix of hardening features includes anything to stop this particular rootkit. If the particular kernel doesn't address it, the rootkit won't care. There are so many different "hardened" kernels out there, with varying degrees of hardening and sanity of security posture, across the entire spectrum of "not really hardened" to "misguided cargo-cult hardening" to "truly bulletproof", that making a generic judgment is pointless. And note that even the "truly bulletproof" ones will probably yield when faced with a sufficiently high caliber artillery shell... ;)
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave