From: Cedric Blancher (
Date: 12/20/01

  • Next message: Marek Pedziwiatr: "web downoload robots"

    From: Cedric Blancher <>
    Date: Thu, 20 Dec 2001 08:48:41 +0000 (UTC)

    Dans sa prose, uzon ( nous ecrivait :
    > how is it possible to detect a malicious LKM?

    Yes, most of them.

    > I saw something with KSTAT but it wasn't too clear.

    You can look at exported symbols.


    And, to avoid them, build your kernel _without_ module support and
    disable /dev/kmem and stuff with a patch like LIDS to avoid a LKM to be
    forced loaded.

    BOFH excuse #55:

    Plumber mistook routing panel for decorative wall fixture