Re: Positive uses for rootkits

[Ron DuFresne <dufresne () WINTERNET COM>]

On Sun, 25 Mar 2001, Dick Visser wrote:

> On Fri, 23 Mar 2001, Jonathan James wrote:
        [SNIP]

> > With Kernel Modules installed you've generally got 100% control of the
> > current hosting operating system.
> > This means that you can filter output that is sent to the user, hook into
> > the filesystem calls etc..
> > Kernel modules are hard to detect (for the common everyday user) and can be
> > installed so that they are hard to remove.
>
> So that's why I think it's better to build a minimal, static kernel
> without modules support. And once your kernel is OK and running, remove
> the .config file from your kernel source tree. If someone does get in and
> tries to make a new kernel (with modules support) he cannot simply grab
> the old configfile and add modules support to it.
> If he can make a kernel, at least he will have to configure it right to
> make it behave the same like the static kernel.
> I say this because it is not the first time I made a kernel and found out
> that it was not bootable because of a tiny misconfiguration :)
> Comments on this strategy are welcome.

removing .config holds you little time, I can just port over my predefined
.config and move along the kernel remake in a timely fashion.

Thanks,

Ron Dufresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.