[ale] Monolithic vs Modularised Kernels
Jason Day
jasonday at worldnet.att.net
Wed Jul 9 12:08:44 EDT 2003
On Wed, Jul 09, 2003 at 10:34:40AM -0400, John Wells wrote:
> Hmmm...to load modules into the kernel, you have to be root. So, if a
> 1337 h4X0r is able to load a module, you're probably already pretty
> screwed.
>
> Or am I missing something?
Yes. If an attacker can load a custom kernel module, and if he's good
enough, he can make it much harder for you to realize you've been owned.
A kernel module can prevent things like netstat or even ls from finding
an installed rootkit.
--
Jason Day jasonday at
http://jasonday.home.att.net worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list