8 Nov
2001
8 Nov
'01
14:34
You could use a live eval version of the linux distribution to get 'safe' copies of the binaries. Richard
-----Original Message----- From: Michael Appeldorn [SMTP:appeldorn@codixx.de] Sent: 09 November 2001 13:55 To: Michael Bailey Cc: suse-security@suse.com Subject: RE: [suse-security] Let's assume a rootkit on our box
I may be reinventing the wheel here but wouldn't it be possible to put 'rootkit vulnerable' binaries on a floppy and leave it in the drive with the tab set to read only?
Then, it should be possible to use uncompromised binaries like ps if you're suspicious of those on your hard drive.