Security Incidents mailing list archives
Re: chkrootkit and LKM?
From: Valdis.Kletnieks () vt edu
Date: Wed, 18 Jun 2003 00:39:53 -0400
On Tue, 17 Jun 2003 16:47:52 -0300, Blade Runner <blade () seven com br> said:
If possible, do not allow Loadable module support , maybe this can avoid future problems with lkm.
Please note that even if the kernel is built without loadable module support, it is still possible to insert a module into the kernel - it just requires a bit more effort on the part of the programmer. Silvio Cesare's paper on doing this: http://www.l0t3k.org/biblio/kernel/english/runtime-kernel-kmem-patching.txt More than you ever wanted to know: http://packetstormsecurity.nl/docs/hack/LKM_HACKING.html
Attachment:
_bin
Description:
Current thread:
- chkrootkit and LKM? Janus N. (Jun 16)
- Re: chkrootkit and LKM? Ali-Reza Anghaie (Jun 16)
- Re: chkrootkit and LKM? Janus N. (Jun 17)
- Re: chkrootkit and LKM? Blade Runner (Jun 17)
- Re: chkrootkit and LKM? Valdis . Kletnieks (Jun 18)
- Re: chkrootkit and LKM? Tim Greer (Jun 17)
- RE: chkrootkit and LKM? Rob Shein (Jun 18)
- Re: chkrootkit and LKM? Tim Greer (Jun 18)
- RE: chkrootkit and LKM? Andrew Ruef (Jun 21)
- Re: chkrootkit and LKM? Tim Greer (Jun 23)
- RE: chkrootkit and LKM? Rob Shein (Jun 18)
- Re: chkrootkit and LKM? Ali-Reza Anghaie (Jun 16)