On 11/8/06, Fernando Apesteguía <fernando.apesteguia@xxxxxxxxx> wrote:
> On 11/8/06, Kris van Rens <krisvanrens.list@xxxxxxxxx> wrote:
> > Forgive my ignorance, but why would you want a module to be hidden?
> To do bad things? :P
Is this rootkit topic totally off-topic here :) ? I was wondering, if one "removes"
the struct module completely from procfs and sysfs, then, is there a way to find it?
(some direct approach other than pattern matching kernel memory).
Also, if I disable lsmod kernel support, and patch the kernel not to implement
/dev/kmem, then, is the system 100% protected against kernel rootkits?
(I believe that if I do not need X server, then I do not need /dev/kmem).
BlackHole