Adore over adore?
From: Anton Chuvakin (anton@chuvakin.org)Date: 04/24/02
- Previous message: Joachim Blaabjerg: "Re: No Root Shell with SUID /bin/bash"
- Next in thread: Lawless, Tim: "RE: Adore over adore?"
- Reply: Lawless, Tim: "RE: Adore over adore?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Apr 2002 11:26:01 -0400 (EDT) From: Anton Chuvakin <anton@chuvakin.org> To: focus-linux@securityfocus.com
Hi all,
Could somebody with better knowledge of Linux kernel enlighten me what
will happen if attacker tries to install an adore-based kit (or other LKM
kit) on a box already trojaned with LKM? I suppose new adore will take
control from previous adore since it will remap kernel calls elsewhere,
right? Or am I gravely confused here? ;-)
Any way to make sure my adore stays put? I looked at what StJude module
is doing and it looks promising, but maybe something else can help?
Thanks a lot for any response.
Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org
- Previous message: Joachim Blaabjerg: "Re: No Root Shell with SUID /bin/bash"
- Next in thread: Lawless, Tim: "RE: Adore over adore?"
- Reply: Lawless, Tim: "RE: Adore over adore?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
