Re: Exploit or trojan

From: Felipe Franciosi (
Date: 12/18/03

  • Next message: Gil Disatnik: "Re: Exploit or trojan"
    Date: Thu, 18 Dec 2003 11:56:46 -0200

    > Oops.
    > Such kind of kernel backdoors (e.g. loadable kernel modules) are also
    > present for Solaris, *BSD and Windows systems. If you are unsure whether
    > someone has compromised your system, don't trust the system's kernel!

    Yeah, you are right! I was just reading about coding Solaris kernel
    modules. It is pretty easy, actually. Anyone can find a lot of
    documents on Google.

    A little addition here: Some Linux backdoors (Suckit, for example)
    don't work as a kernel module. It just opens /dev/kmem and patches
    it on the fly. It is still detectable, though, through some
    implementation flaws or checking mechanisms that verify the kernel
    syscall table integrity.

    Best regards,

    Felipe Franciosi <>
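
The message above mentions checking mechanisms that verify syscall table integrity. This is an added example, not part of the original post, of what such a check compares. The System.map excerpt, the baseline, the snapshot and all addresses are constructed, and it assumes the snapshot was read by something other than the suspect kernel.

```python
"""Syscall-table integrity check over constructed data (added example)."""

# Constructed excerpt in System.map format: "<hex address> <type> <symbol>".
SYSTEM_MAP = """\
c0100000 T _stext
c0105a10 T sys_fork
c013f2a0 T sys_read
c013f310 T sys_write
c013e8c0 T sys_open
c02d4000 A _etext
c02e1a00 D sys_call_table
"""

# Constructed known-good baseline: syscall number -> handler symbol.
BASELINE = {2: "sys_fork", 3: "sys_read", 4: "sys_write", 5: "sys_open"}

# Constructed snapshot of the live table; entry 3 has been redirected.
OBSERVED = {2: 0xC0105A10, 3: 0xD0A4C060, 4: 0xC013F310, 5: 0xC013E8C0}


def parse_system_map(text):
    """Return {symbol: address} from System.map-formatted text."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            symbols[parts[2]] = int(parts[0], 16)
    return symbols


def check_table(observed, baseline, symbols):
    """Return a list of (syscall number, observed address, reason) findings."""
    lo, hi = symbols["_stext"], symbols["_etext"]
    findings = []
    for nr, name in sorted(baseline.items()):
        addr = observed.get(nr)
        if addr is None:
            findings.append((nr, None, "entry missing from snapshot"))
        elif not lo <= addr < hi:
            findings.append((nr, addr, "points outside kernel text"))
        elif addr != symbols.get(name):
            findings.append((nr, addr, "differs from %s in System.map" % name))
    return findings


if __name__ == "__main__":
    for nr, addr, reason in check_table(OBSERVED, BASELINE, parse_system_map(SYSTEM_MAP)):
        shown = "none" if addr is None else "0x%08x" % addr
        print("syscall %d: %s (%s)" % (nr, shown, reason))
```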
