"OTOH, if somebody obtains root privileges, he can probably plant a kernel in the swapfile and instruct the boot loader to load it on the next reboot. AFAIK, most if not all checksumming tools don't deal properly with such scenarios."

Quite a scary scenario. How could one plant a file in swap? How could you access that file?

-A. Dave

Florian Weimer wrote:

>Dries Kimpe <[EMAIL PROTECTED]> writes:
>
>> Hmm, am I right in assuming that all (current) non-LKM rootkits use
>>write access on /dev/kmem (/dev/mem)? In any case, patching the kernel that
>>there's no write access would be a good idea.
>>
>
>Yes, but it's a tremendous task. Quite a few device drivers have bugs
>which enable root to write kernel memory.
>
>OTOH, if somebody obtains root privileges, he can probably plant a
>kernel in the swapfile and instruct the boot loader to load it on the
>next reboot. AFAIK, most if not all checksumming tools don't deal
>properly with such scenarios.