[ale] Memory leak (hacked?)
Chris Ricker
kaboom at gatech.edu
Mon Apr 12 17:08:15 EDT 2004
On Wed, 7 Apr 2004, Joe Knapka wrote:
> Or, you may be hacked. A clever intruder can insert modules
> into the kernel (which is why a public server shouldn't have
> module load/unload enabled), and can also hide the fact that
> he's done so. A malicious module that simply allocated
> pages as fast as it could would cause the behavior you're
> seeing.
Common misperception, but it actually makes no difference. Even if you
disable module loading / unloading, attackers can still insert LKMs.
Modern Linux rootkits do exactly this....
later,
chris