Re: Exploit or trojan
From: Felipe Franciosi (ozzybugt_at_terra.com.br)
Date: 12/18/03
- Previous message: Konrad Rieck: "Re: Exploit or trojan"
- In reply to: Konrad Rieck: "Re: Exploit or trojan"
- Next in thread: dav: "Re: Exploit or trojan"
- Reply: dav: "Re: Exploit or trojan"
- Reply: Steve Bremer: "Re: Exploit or trojan"
Date: Thu, 18 Dec 2003 11:56:46 -0200
To: focus-sun@securityfocus.com
> Oops.
>
> Such kind of kernel backdoors (e.g. loadable kernel modules) are also
> present for Solaris, *BSD and Windows systems. If you are unsure whether
> someone has compromised your system, don't trust the system's kernel!
Yeah, you are right! I was just reading about coding Solaris kernel
modules. It is pretty easy, actually. Anyone can find a lot of
documents on Google.
A little addition here: Some Linux backdoors (Suckit, for example)
don't work as a kernel module. It just opens /dev/kmem and patches
it on the fly. It is still detectable, though, through some
implementation flaws or checking mechanisms that verify the kernel
syscall table integrity.
Best regards,
Felipe
-- Felipe Franciosi <ozzybugt@terra.com.br>
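
The syscall table integrity check mentioned in the message above, as an added example that is not part of the original post: it compares a dump of table pointers against the addresses in a known-good System.map. The map contents, the slot order and the dump are constructed sample data, and the dump is assumed to have been acquired through a trusted path rather than through the suspect kernel.

```python
import struct

# Constructed sample data, not taken from a real system.
SYSTEM_MAP = """\
c0100000 T _text
c0105a10 T sys_fork
c0105b40 T sys_read
c0105c80 T sys_write
c0105dc0 T sys_open
c02f4000 A _etext
"""
# Order of the table slots covered by this sample (assumed for the example).
SLOT_NAMES = ["sys_fork", "sys_read", "sys_write", "sys_open"]
# Constructed dump: 32-bit little-endian pointers, slot 1 altered on purpose.
TABLE_DUMP = struct.pack("<4I", 0xC0105A10, 0xD0873000, 0xC0105C80, 0xC0105DC0)


def parse_system_map(text):
    """Return {symbol: address} from System.map-style 'addr type name' lines."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            symbols[parts[2]] = int(parts[0], 16)
    return symbols


def check_syscall_table(map_text, dump, slot_names):
    """Compare each dumped pointer with its known-good symbol address."""
    symbols = parse_system_map(map_text)
    text_start, text_end = symbols["_text"], symbols["_etext"]
    if len(dump) != 4 * len(slot_names):
        raise ValueError("dump size does not match the number of slots")
    findings = []
    pointers = struct.unpack("<%dI" % len(slot_names), dump)
    for slot, (name, found) in enumerate(zip(slot_names, pointers)):
        expected = symbols[name]
        if found != expected:
            # A handler outside _text.._etext is not part of the static kernel image.
            findings.append({"slot": slot, "name": name, "expected": expected,
                             "found": found,
                             "in_kernel_text": text_start <= found < text_end})
    return findings


if __name__ == "__main__":
    for f in check_syscall_table(SYSTEM_MAP, TABLE_DUMP, SLOT_NAMES):
        print("slot %(slot)d %(name)s: expected %(expected)#x, "
              "found %(found)#x, in kernel text: %(in_kernel_text)s" % f)
```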