Re: Exploit or trojan

From: Felipe Franciosi (ozzybugt_at_terra.com.br)
Date: 12/18/03

    Date: Thu, 18 Dec 2003 11:56:46 -0200
    To: focus-sun@securityfocus.com
    
    

    > Oops.
    >
    > Such kind of kernel backdoors (e.g. loadable kernel modules) are also
    > present for Solaris, *BSD and Windows systems. If you are unsure whether
    > someone has compromised your system, don't trust the system's kernel!

    Yeah, you are right! I was just reading about coding Solaris kernel
    modules. It is pretty easy, actually. Anyone can find a lot of
    documents on Google.

    A little addition here: Some Linux backdoors (Suckit, for example)
    don't work as a kernel module. They just open /dev/kmem and patch
    it on the fly. They are still detectable, though, through some
    implementation flaws or checking mechanisms that verify the kernel
    syscall table integrity.

    Best regards,
    Felipe

    -- 
    Felipe Franciosi <ozzybugt@terra.com.br>
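
The syscall-table integrity check mentioned in the message above, as an added example that is not part of the original post: it compares each table pointer with a System.map-style baseline and with the kernel text range. Every address, the slot order and the observed snapshot are constructed for illustration; the snapshot is assumed to come from a source that does not rely on the suspect kernel.

```python
# Added example: compare syscall-table pointers with a System.map-style baseline.
# Every address, the slot order and the snapshot below are constructed.
SYSTEM_MAP = """\
c0100000 T _stext
c0105a10 T sys_fork
c0105b40 T sys_execve
c0140c20 T sys_read
c0140d00 T sys_write
c0141f30 T sys_open
c02f4000 A _etext
"""
# Hypothetical order of the table slots being checked.
SLOTS = ["sys_fork", "sys_read", "sys_write", "sys_open", "sys_execve"]
# Constructed snapshot of the table: slots 1 and 3 no longer match the baseline.
OBSERVED = [0xC0105A10, 0xD0A3C120, 0xC0140D00, 0xC0200000, 0xC0105B40]


def parse_system_map(text):
    """Return {symbol: address} from 'address type name' lines."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            symbols[parts[2]] = int(parts[0], 16)
    return symbols


def check_table(symbols, slots, observed):
    """Return (index, name, expected, seen, reason) for every mismatching slot."""
    if len(slots) != len(observed):
        raise ValueError("snapshot length does not match slot list")
    lo, hi = symbols["_stext"], symbols["_etext"]
    findings = []
    for i, (name, seen) in enumerate(zip(slots, observed)):
        expected = symbols[name]
        if seen == expected:
            continue
        # A pointer outside [_stext, _etext) cannot be the original handler.
        reason = ("inside kernel text, wrong target" if lo <= seen < hi
                  else "outside kernel text")
        findings.append((i, name, expected, seen, reason))
    return findings


if __name__ == "__main__":
    for i, name, expected, seen, reason in check_table(
            parse_system_map(SYSTEM_MAP), SLOTS, OBSERVED):
        print(f"slot {i} {name}: expected {expected:#x}, saw {seen:#x} ({reason})")
```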
    
