Adore over adore?From: Anton Chuvakin (email@example.com)
- Previous message: Joachim Blaabjerg: "Re: No Root Shell with SUID /bin/bash"
- Next in thread: Lawless, Tim: "RE: Adore over adore?"
- Reply: Lawless, Tim: "RE: Adore over adore?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Apr 2002 11:26:01 -0400 (EDT) From: Anton Chuvakin <firstname.lastname@example.org> To: email@example.com
Could somebody with better knowledge of Linux kernel enlighten me what
will happen if attacker tries to install an adore-based kit (or other LKM
kit) on a box already trojaned with LKM? I suppose new adore will take
control from previous adore since it will remap kernel calls elsewhere,
right? Or am I gravely confused here? ;-)
Any way to make sure my adore stays put? I looked at what StJude module
is doing and it looks promising, but maybe something else can help?
Thanks a lot for any response.
-- Anton A. Chuvakin, Ph.D. http://www.chuvakin.org http://www.info-secure.org