Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 19 Nov 2000 10:41:31 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 19 Nov 2000 10:41:21 -0500 Received: from anime.net ([63.172.78.150]:525 "EHLO anime.net") by vger.kernel.org with ESMTP id ; Sun, 19 Nov 2000 10:41:05 -0500 Date: Sun, 19 Nov 2000 07:11:15 -0800 (PST) From: Dan Hollis To: cc: David Lang , Subject: Re: BTTV detection broken in 2.4.0-test11-pre5 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 19 Nov 2000, Alexander Viro wrote: > On Sun, 19 Nov 2000, David Lang wrote: > > there is a rootkit kernel module out there that, if loaded onto your > > system, can make it almost impossible to detect that your system has been > > compramised. with module support disabled this isn't possible. > Yes, it is. Easily. If you've got root you can modify the kernel image and > reboot the bloody thing. And no, marking it immutable will not help. Open > the raw device and modify relevant blocks. Kernel on writeprotected floppy disk... -Dan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/