Adore over adore?

From: Anton Chuvakin (anton@chuvakin.org)
Date: 04/24/02


Date: Wed, 24 Apr 2002 11:26:01 -0400 (EDT)
From: Anton Chuvakin <anton@chuvakin.org>
To: focus-linux@securityfocus.com

Hi all,

Could somebody with better knowledge of Linux kernel enlighten me what
will happen if attacker tries to install an adore-based kit (or other LKM
kit) on a box already trojaned with LKM? I suppose new adore will take
control from previous adore since it will remap kernel calls elsewhere,
right? Or am I gravely confused here? ;-)

Any way to make sure my adore stays put? I looked at what StJude module
is doing and it looks promising, but maybe something else can help?

Thanks a lot for any response.

Best,

-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org