On Sat, Dec 23, 2000 at 10:35:26AM +1300, Carey Evans wrote:
> "Dan Hutchinson" <[EMAIL PROTECTED]> writes:
>
> > Sorry I misread your response.
> > Well you can get the source kernel and run it through the forensics program
> > then compile it possible.
> > Anyway it will help with open trojans and virus anyway.
>
> There's a couple of things that could go wrong here:
>
>  - gcc could be modified to include a backdoor in the kernel,
>    something like the way described here:
>
>        http://www.acm.org/classics/sep95/
>
>  - The trojan could be a Linux kernel module that hides itself from
>    any system calls that might detect it, substituting innocuous code,
>    and different MD5 checksums. You can easily find modules like this
>    quite easily on the web.
>

That's why you run the checker from a known-good floppy or CD. The bogus
kernel can't protect itself if it isn't running :)

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
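
The check described in the reply above, as an added example that is not part of the original thread: after booting known-good media, compare the mounted suspect tree against a baseline manifest kept on read-only media. The function names and manifest layout are assumptions, and SHA-256 is used in place of the MD5 checksums mentioned in the quoted message.

```shell
#!/bin/sh
# Added example. Run from known-good rescue media with the suspect disk
# mounted read-only; function names and manifest layout are assumptions.

# Hash one entry without following symlinks: an absolute symlink in the
# suspect tree would otherwise resolve to the rescue system's own file.
entry_hash() {
    if [ -L "$1" ]; then
        readlink "$1" | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# make_baseline ROOT > MANIFEST
# One "<64 hex digits>  ./relative/path" line per file or symlink.
# Create it while the system is trusted and keep it on read-only media.
make_baseline() (
    cd "$1" || exit 2
    find . \( -type f -o -type l \) | sort | while IFS= read -r p; do
        printf '%s  %s\n' "$(entry_hash "$p")" "$p"
    done
)

# offline_verify ROOT MANIFEST
# Prints NEW / MODIFIED / MISSING lines; returns 0 only on an exact match.
offline_verify() {
    [ -d "$1" ] && [ -r "$2" ] || { echo "usage: offline_verify ROOT MANIFEST" >&2; return 2; }
    # Verifying "/" would ask the possibly trojaned running kernel for the
    # file contents, which is what booting trusted media is meant to avoid.
    if [ "$(cd "$1" && pwd -P)" = "/" ]; then
        echo "refusing: ROOT is the running system" >&2
        return 2
    fi
    make_baseline "$1" | awk -v m="$2" '
        BEGIN { while ((getline l < m) > 0) base[substr(l, 67)] = substr(l, 1, 64) }
        {
            p = substr($0, 67); h = substr($0, 1, 64)
            if (!(p in base)) { print "NEW " p; bad = 1 }
            else { if (base[p] != h) { print "MODIFIED " p; bad = 1 }; delete base[p] }
        }
        END { for (p in base) { print "MISSING " p; bad = 1 }; exit bad + 0 }'
}
```

Typical use is `offline_verify /mnt/suspect /media/cdrom/manifest`, where both mount points are placeholders.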