Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: yes, its t0rn again
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: yes, its t0rn again
  • From: Aaron <[EMAIL PROTECTED]>
  • Date: Sat, 06 Jan 2001 19:30:36 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
On 01.01.04 at 14:29, Helmut Springer wrote:

[...]
# if you're playing rough you won't have modules support in the kernel
# (as long as you can't make sure modules can't be tampered) and a
# read only boot media checking the system from a read only core
# system on startup.
#
# yes, that somewhat makes system maintenance a pain.  the price to
# pay.

Not only could removing module support make system maintenance a pain, but
it isn't sufficient to stop the kernel from being modified after startup.
Silvio Cesare wrote a paper in Nov '98 that discusses how to do this
via direct writes to /dev/*mem:

  Runtime Kernel kmem Patching
  http://www.big.net.au/~silvio/runtime-kernel-kmem-patching.txt


Aaron
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.