Vulnerability Development mailing list archives

Re: Positive uses for rootkits


From: Ben Ford <bford () ERISKSECURITY COM>
Date: Mon, 26 Mar 2001 06:25:21 -0800

I believe Medusa DS9 is capable of stopping this attack.

http://freshmeat.net/search/?q=medusa

-b


The Attitude Adjuster wrote:

On Sun, 25 Mar 2001, Dick Visser wrote:

On Fri, 23 Mar 2001, Jonathan James wrote:

With Kernel Modules installed you've generally got 100% control of the
current hosting operating system.

So that's why I think it's better to build a minimal, static kernel
without modules support. And once your kernel is OK and running, remove
the .config file from your kernel source tree. If someone does get in and


Even so, once you've got root/superuser/Administrator/Ring-0 (take your
pick as appropriate) access, you can patch the kernel binary in memory if
you really want to. It's a no-win scenario, as long as a user is capable
of executing arbitrary code as "kernel mode".

OTOH, if the operating system were designed such that there was no avenue
for arbitrary code to ever be executed as "kernel mode", it would be a
"winnable" game.

What types (if any) of x86-based operating systems are there that are
designed in this manner? I'm showing my ignorance here in not being able
to articulate the formal name of this type of design.

  __ __ __
  / /-//-/  The Attitude Adjuster    http://www.peeved.org
      ...so terribly unfashionable media productions...
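The hardening the quoted replies argue about (a static kernel with no module support, versus the residual ability of ring-0 code to write kernel memory directly) can be checked against a kernel's build configuration. The script below is an added example, not code from this thread, from Medusa DS9, or from any of the posters; it assumes a Linux kernel config in the usual /boot/config-<version> format and tests real Kconfig symbols (CONFIG_MODULES, CONFIG_MODULE_SIG_FORCE, CONFIG_DEVKMEM, CONFIG_STRICT_DEVMEM, CONFIG_IKCONFIG_PROC), several of which only exist in kernels far newer than the 2001 thread. The function names, the "weaknesses:" summary line and the sample config are the example's own.

```shell
#!/bin/sh
# Added example: audit a Linux kernel .config for the two surfaces the
# thread discusses: loadable modules, and direct writes to kernel memory.
# Usage: sh audit.sh /boot/config-$(uname -r)

# Print the value of one CONFIG_ symbol from the file, or "n" when the
# symbol is absent or appears as "# CONFIG_X is not set".
cfg_value() {
    # $1 = config file, $2 = symbol name
    val=$(sed -n "s/^$2=//p" "$1" | head -n 1)
    if [ -z "$val" ]; then
        echo "n"
    else
        echo "$val"
    fi
}

# Print one line per finding and a final "weaknesses: N" summary line.
audit_kernel_config() {
    cfg="$1"
    weak=0
    if [ "$(cfg_value "$cfg" CONFIG_MODULES)" = "y" ]; then
        echo "WEAK: CONFIG_MODULES=y (loadable kernel modules enabled)"
        weak=$((weak + 1))
        # Signature enforcement only matters when modules are enabled at all.
        if [ "$(cfg_value "$cfg" CONFIG_MODULE_SIG_FORCE)" != "y" ]; then
            echo "WEAK: unsigned modules accepted (CONFIG_MODULE_SIG_FORCE is not y)"
            weak=$((weak + 1))
        fi
    else
        echo "OK: static kernel, no module support (what the thread recommends)"
    fi
    # The thread's counterpoint: with ring 0 you can patch kernel memory anyway.
    # /dev/kmem and an unrestricted /dev/mem are the classic paths for that.
    if [ "$(cfg_value "$cfg" CONFIG_DEVKMEM)" = "y" ]; then
        echo "WEAK: CONFIG_DEVKMEM=y (/dev/kmem exposes kernel virtual memory)"
        weak=$((weak + 1))
    fi
    if [ "$(cfg_value "$cfg" CONFIG_STRICT_DEVMEM)" != "y" ]; then
        echo "WEAK: CONFIG_STRICT_DEVMEM is not y (/dev/mem not limited to device ranges)"
        weak=$((weak + 1))
    fi
    # Removing .config from the source tree, as suggested in the thread,
    # hides nothing if the kernel publishes its own config via /proc.
    if [ "$(cfg_value "$cfg" CONFIG_IKCONFIG_PROC)" = "y" ]; then
        echo "NOTE: CONFIG_IKCONFIG_PROC=y, config is readable from /proc/config.gz"
    fi
    echo "weaknesses: $weak"
}

# Runtime companion to the build-time check: on kernels that have it,
# kernel.modules_disabled=1 is a one-way switch that blocks further loading.
runtime_modules_disabled() {
    if [ -r /proc/sys/kernel/modules_disabled ]; then
        cat /proc/sys/kernel/modules_disabled
    else
        echo "unknown"
    fi
}

# When invoked with a config path, audit it; with no argument, do nothing.
if [ $# -ge 1 ]; then
    audit_kernel_config "$1"
    echo "runtime kernel.modules_disabled: $(runtime_modules_disabled)"
fi
```

The audit only reports what the kernel was built to allow; it does not detect a rootkit that is already resident, and, as The Attitude Adjuster's reply points out, none of these options help once an attacker can already run code at ring 0 through some other route. They do narrow the number of such routes, which is the point of building a static kernel and of systems such as Medusa DS9 that mediate what root may do.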

