8 Nov 2001, 15:44
On 8 Nov 2001 15:34, Richard Clyne wrote:
> You could use a live eval version of the Linux distribution to get 'safe' copies of the binaries.
No, you cannot. If someone has root access to a box, he can change everything in your system, including the open() function in your kernel. (This can easily be done with a kernel module.) You cannot trust a box which has been broken into. Backup - reinstall - patch - connect to the net.

And to answer the original question: a clever attacker would be able to change the entries in the /proc-fs.

Peter