On Sunday 04 November 2007 01:39:50 Aniruddha wrote:
On Sun, 2007-11-04 at 01:23 +0100, Anders Johansson wrote:
And about your thread on packman, I hope you know that a "malicious change" can be as simple as changing a buffer size check from 10 to 11, or changing fgets to gets. No rootkit detector in the world will find that, but after such a change, a malicious user can walk right in
Anders
Interesting point. I didn't know that. This change would create a buffer overflow attack right?
Yes it would. And there are millions of variations, more or less subtle, that no one would notice unless they were specifically looking for it.
http://kerneltrap.org/node/1584
is one of the better known examples. Something like that would be completely impossible to find programmatically
Anders