Re: is this page any more relevant

On Fri, Aug 20, 2010 at 10:48 AM, Michael Blizek <michi1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi!

On 15:37 Thu 19 Aug     , Anuz Pratap Singh Tomar wrote:
> Hi all,
> I came across this page about a possible security exploit in kernel modules.
> This page is very old (circa 1999), but it seems very interesting. I am
> wondering if this is any more relevant or all the holes are well patched
> now.
>
> http://www.packetstormsecurity.nl/docs/hack/LKM_HACKING.html#I.1.

What they are describing are called rootkits. They still exist today and you
do not even need to have loadable kernel modules enabled. There is also a tool
called chkrootkit, which tries to detect them. However, if your attacker has
gained root access, it pretty much means that you are doomed.


Well yes, with a rootkit installed, you are totally vulnerable.

One reason I asked about this tutorial was because, while looking for stuff related to the kernel (or anything Linux related), you may come across a lot of tutorials which are pretty good. But they were written a few years back and are no longer updated (or maintained). If some new user reads them, he may get the wrong idea of things. If I had the know-how to update this tutorial, I would have gone ahead.
One more point I would like to make is that I got this link from Linux-sec.net, which has a lot of useful links related to Linux security, but again the site seems not to have been updated for a long time. There isn't any central location for finding info related to security issues in the kernel.

Regards
Anuz
