On Thu, 29 Jul 2004, Mac Mason wrote:
> On Thu, Jul 29, 2004 at 12:21:01AM -0800, Matthew Schumacher wrote:
> > It seems that some of these rootkits use a kernel module or
> > kernel-memory-patching to load, then they conceal themselves. Pretty
> > scary stuff.
> Which is why 'disable the kernel's module-loading abilities' is near the
> top of any real hardening agenda. If they can't load said module, they
> can't do any harm via that vector.
True, but modules aren't necessary to patch a running kernel.
Mike
Received on Thu Jul 29 06:46:28 2004
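
An added example, not part of the original thread: a small audit that checks a kernel build config for the module-loading vector and for the non-module memory write paths the last reply alludes to. It assumes a kernel recent enough to have the `CONFIG_DEVKMEM` and `CONFIG_STRICT_DEVMEM` options; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample configs below are constructed, not from a real system.

# cfg_state FILE SYMBOL: print y or m if the symbol is set, n otherwise.
cfg_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# audit_config FILE: print the kernel-write paths left open by a build config
# (same format as /boot/config-<release>); print "none" if all are closed.
audit_config() {
    open=""
    # Loadable module support: the vector from the first reply.
    if [ "$(cfg_state "$1" CONFIG_MODULES)" = y ]; then open="$open modules"; fi
    # /dev/kmem exposes kernel virtual memory to root without any module.
    if [ "$(cfg_state "$1" CONFIG_DEVKMEM)" = y ]; then open="$open devkmem"; fi
    # Without STRICT_DEVMEM, /dev/mem maps all physical RAM, kernel included.
    if [ "$(cfg_state "$1" CONFIG_STRICT_DEVMEM)" != y ]; then open="$open devmem"; fi
    echo "${open:- none}" | sed 's/^ //'
}

# modules_locked [FILE]: succeed if the one-way runtime switch
# kernel.modules_disabled is set (for kernels built with CONFIG_MODULES=y).
modules_locked() {
    [ "$(cat "${1:-/proc/sys/kernel/modules_disabled}" 2>/dev/null)" = 1 ]
}

# Constructed sample: modules compiled out, but both memory devices left open.
sample_no_modules() {
    printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_DEVKMEM=y' \
        '# CONFIG_STRICT_DEVMEM is not set'
}

# Constructed sample: modules on, memory devices closed.
sample_strict() {
    printf '%s\n' 'CONFIG_MODULES=y' '# CONFIG_DEVKMEM is not set' \
        'CONFIG_STRICT_DEVMEM=y'
}

tmp=$(mktemp)
sample_no_modules > "$tmp"; echo "no-modules build: $(audit_config "$tmp")"
sample_strict > "$tmp";     echo "strict build:     $(audit_config "$tmp")"
rm -f "$tmp"
```

On a live system, point `audit_config` at the running kernel's config file and call `modules_locked` with no argument to read the real sysctl.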