Adore over adore?

From: Anton Chuvakin (
Date: 04/24/02

Date: Wed, 24 Apr 2002 11:26:01 -0400 (EDT)
From: Anton Chuvakin <>

Hi all,

Could somebody with better knowledge of Linux kernel enlighten me what
will happen if attacker tries to install an adore-based kit (or other LKM
kit) on a box already trojaned with LKM? I suppose new adore will take
control from previous adore since it will remap kernel calls elsewhere,
right? Or am I gravely confused here? ;-)

Any way to make sure my adore stays put? I looked at what StJude module
is doing and it looks promising, but maybe something else can help?

Thanks a lot for any response.


     Anton A. Chuvakin, Ph.D.