Re: Exploit or trojan

From: Konrad Rieck (kr_at_roqe.org)
Date: 12/17/03

  • Next message: Felipe Franciosi: "Re: Exploit or trojan"
    To: Focus Sun <focus-sun@securityfocus.com>
    Date: Wed, 17 Dec 2003 20:32:02 +0100
    
    
    

    On Tue, 2003-12-16 at 01:33, Felipe Franciosi wrote:
    > I guess that in Solaris systems you can just reach for a new copy
    > of 'ps' and use the 'clean' one to check everything out.
    > [...]
    > Doing so on Linux systems doesn't help much, since recently there
    > have been several kernel backdoors
    > [...]

    Oops.

    Kernel backdoors of this kind (e.g. loadable kernel modules) are also
    present for Solaris, *BSD and Windows systems. If you are unsure whether
    someone has compromised your system, don't trust the system's kernel!

    Regards,
    Konrad

    -- 
    Konrad Rieck <kr@roqe.org> ------------ http://people.roqe.org/kr
    Fingerprint - 5803 E58E D1BF 9A29 AFCA - 51B3 A725 EA18 ABA7 A6A3
    
    


