Re: RPM aware rootkits?
From: Seth Arnold (sarnold@wirex.com)Date: 02/14/02
- Previous message: Chris Green: "Re: RPM aware rootkits?"
- In reply to: dewt: "Re: RPM aware rootkits?"
- Next in thread: Jose Nazario: "Re: RPM aware rootkits?"
- Next in thread: Chris Green: "Re: RPM aware rootkits?"
- Reply: Jose Nazario: "Re: RPM aware rootkits?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Feb 2002 15:13:59 -0800 From: Seth Arnold <sarnold@wirex.com> To: focus-linux@securityfocus.com
On Wed, Feb 13, 2002 at 01:26:47PM -0600, dewt wrote:
> > Do you know any of the RPM-aware rootkits for Linux which will not be
> > detected by "rpm --verify". I would prefer direct edit of /var/lib/rpm
> > rather to trojaned rpm binary, but what the heck - whatever will do.
> i'm not aware of one, but making a small spec file for the trojaned binaries
> and making your own rpm package could work, of course that wont pass the -Vp
> option but not many people do that.
If this is for one of your own machines, wouldn't it be far simpler to
replace rpm's --verify handler with a function that always returns "this
package looks fine" ?
-- Join the fight against terrorism by giving up your liberties today!
- application/pgp-signature attachment: stored
- Previous message: Chris Green: "Re: RPM aware rootkits?"
- In reply to: dewt: "Re: RPM aware rootkits?"
- Next in thread: Jose Nazario: "Re: RPM aware rootkits?"
- Next in thread: Chris Green: "Re: RPM aware rootkits?"
- Reply: Jose Nazario: "Re: RPM aware rootkits?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
