[KLUG Members] A kernel Q

Adam Tauno Williams adam at morrison-ind.com
Fri Sep 10 16:40:35 EDT 2004


> >I suppose, I find these kinds of things rather dubious.  To potentially
> >exploit the module loading mechanism you have to have already exploited
> >the box to gain local access - in other words: you're already humped.
> So do LKM Root Kits really not exist in this universe?

Sure they do, but as stated - "[to] exploit the module loading mechanism you
have to have already exploited the box to gain local access - in other words:
you're already humped."  If they can use a LKM on your firewall - IT IS WAY TOO
LATE.  You have to have (a) accessed the firewall [ in which case it ain't
firewalling anymore ] and (b) got a process to run as root [ in which case you're
already at the reinstall solution ].

"Intro To Root Kits" - http://lineman.net/article127.html -
"The only real protection for stopping the use of LKM Trojans is to not use any
LKM, but this is usually more work in the long run than it’s worth. The best
way to prevent root-kits is by always having your box up to date and fully
secure"

