Shri Shrikumar:
> On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > In any case if you have a lkm rootkit, your done, dosent matter if
> > you upload static, dinamic or whatever, kernel root kits are hard to
> > find, not even lsmod, rmmod can help you because it is
> quite easy to
> > make a kernel module unloadable or even hiden, some of you may be
> > thinking that they are safe to those kind of attacks because they
> > have disabled kernel module support in theyr kernel, well they are
> > wrong :), there is code, and nice white papers explaining how to
> > insert kernel code through /proc/kmem, if I am not wrong Silvio
> > Cesare developed this technique two or three years ago, although it
> > hasent being exploited too much you must be aware of it's existance.
>
> I dont have module support and I dont have /proc/kmem. Am I missing
> something ? Running 2.4.20.
>
I'm sure he meant /dev/kmem
