Security Incidents mailing list archives

Re: chkrootkit and LKM?

From: Valdis.Kletnieks () vt edu
Date: Wed, 18 Jun 2003 00:39:53 -0400

On Tue, 17 Jun 2003 16:47:52 -0300, Blade Runner <blade () seven com br>  said:

If possible, do not allow Loadable module support , maybe this can avoid
future problems with lkm.


Please note that even if the kernel is built without loadable module support,
it is still possible to insert a module into the kernel - it just requires
a bit more effort on the part of the programmer.

Silvio Cesare's paper on doing this:
http://www.l0t3k.org/biblio/kernel/english/runtime-kernel-kmem-patching.txt

More than you ever wanted to know:

http://packetstormsecurity.nl/docs/hack/LKM_HACKING.html

Attachment: _bin
Description:

Current thread:

chkrootkit and LKM? Janus N. (Jun 16)
- Re: chkrootkit and LKM? Ali-Reza Anghaie (Jun 16)
  - Re: chkrootkit and LKM? Janus N. (Jun 17)
  - Re: chkrootkit and LKM? Blade Runner (Jun 17)
    - Re: chkrootkit and LKM? Valdis . Kletnieks (Jun 18)
- Re: chkrootkit and LKM? Tim Greer (Jun 17)
  - RE: chkrootkit and LKM? Rob Shein (Jun 18)
    - Re: chkrootkit and LKM? Tim Greer (Jun 18)
    - RE: chkrootkit and LKM? Andrew Ruef (Jun 21)
    - Re: chkrootkit and LKM? Tim Greer (Jun 23)
- Re: chkrootkit and LKM? Nathan Dornquast (Jun 17)
- Re: chkrootkit and LKM? Guille -bisho- (Jun 17)
- Re: chkrootkit and LKM? Adam Sampson (Jun 17)