Vulnerability Development mailing list archives
Re: Positive uses for rootkits
From: Kev <klmitch () MIT EDU>
Date: Wed, 28 Mar 2001 10:20:41 -0500
There *are* wasy around this, but you gotta be good. If you play with memory locations directly, there are ways to load a module even on a static monloitic kernel.^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ HOW ?! (with modules disabled) seems insane to me, although I'm not a kernel hacker.
Simple. You use a root-owned process to fiddle with the memory directly, putting the code you want it running in the right place, then fiddling with appropriate jump vectors to make it be executed at the right time. Obviously not something for the faint-of-heart... -- Kevin L. Mitchell <klmitch () mit edu>
Current thread:
- Re: Positive uses for rootkits -> off-topic: booting tricks., (continued)
- Re: Positive uses for rootkits -> off-topic: booting tricks. Alex Schütz (Mar 27)
- Re: Positive uses for rootkits -> off-topic: booting tricks. ze Snark (Mar 28)
- Re: Positive uses for rootkits The Attitude Adjuster (Mar 25)
- Re: Positive uses for rootkits Ben Ford (Mar 28)
- Re: Positive uses for rootkits Big Woz (Mar 28)
- Re: Positive uses for rootkits Renee Teunissen (Mar 26)
- Re: Positive uses for rootkits Dick Visser (Mar 26)
- The use of immunix Renee Teunissen (Mar 26)
- Re: Positive uses for rootkits Ben Ford (Mar 27)
- Re: Positive uses for rootkits Martin 'Goran' Moravec (Mar 28)
- Re: Positive uses for rootkits Kev (Mar 28)
- Re: Positive uses for rootkits Ryan Permeh (Mar 29)
- Kernel-level security (was Re: Positive uses for rootkits) Craig Boston (Mar 29)
- Re: Positive uses for rootkits Gregor Binder (Mar 29)
- ICQ exploit Geo. (Mar 28)
- Re: ICQ exploit Jonathan James (Mar 28)
- Re: ICQ exploit Mikko Ruskola (Mar 28)
- Re: ICQ exploit Knud Erik Højgaard - CyberCity Support (Mar 28)
- Re: ICQ exploit John (Mar 28)
- Re: ICQ exploit Blake Frantz (Mar 28)