Re: LKMFrom: Cedric Blancher (firstname.lastname@example.org)
- Previous message: Cedric Blancher: "Re: Is this correct in Ipchains?"
- In reply to: uzon: "LKM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Cedric Blancher <email@example.com> Date: Thu, 20 Dec 2001 08:48:41 +0000 (UTC)
Dans sa prose, uzon (firstname.lastname@example.org) nous ecrivait :
> how is it possible to detect a malicious LKM?
Yes, most of them.
> I saw something with KSTAT but it wasn't too clear.
You can look at exported symbols.
And, to avoid them, build your kernel _without_ module support and
disable /dev/kmem and stuff with a patch like LIDS to avoid a LKM to be
-- BOFH excuse #55:
Plumber mistook routing panel for decorative wall fixture