Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes: > On Fri, 11 Jan 2002, Ricardo B wrote: > > Isn't there a way to turn module loading off (a way that can't be chagend > > back - without rebooting) ? > > None that cannot be undone if you're root in a non-ACL kernel. It gets hard > if the kernel has no module support at all, but not impossible.
There are already rootkits using such technology, see for example: http://www.phrack.com/phrack/58/p58-0x07 OTOH, a preloaded shared library can have an effect similar to a patched kernel, at least on most systems. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
