25 Apr
2002
25 Apr
'02
14:46
Yuppa, Roman Drahtmueller wrote: [...]
Could you elaborate on that a little more? I thought, that the nastiest root-kits available exploit the module mechanisms? Not true?
Negative... It's in one of the phrack magazines: manipulation of kernel memory through /dev/mem, thereby making in possible to introduce new code. So, you see: As long as you can manipulate memory, you're not safe.
If anyone is interested, here's the article where Phrack #58 refers to in "Advances in Kernel Hacking": http://www.big.net.au/~silvio/runtime-kernel-kmem-patching.txt Boris Lorenz <bolo@lupa.de> ---