Hi, I was curious about how kernel rootkits become a part of the kernel ? One way I guess is by inserting a kernel module. And rootkits also manage to hide themselves from rootkit detectors.
few questions: 1. Are there any other ways by which rootkits become part of the kernel ? 2. If modules can access only exported symbols, how is it that kernel rootkits manage to get hold of other information from the kernel ? For ex, the process table. I am not familiar with the /dev/kmem interface. Does this interface let any kernel module read any symbol (even non-exported) from the kernel ? 3. If I want to hide a function which is part of the kernel from kernel modules, is this possible ideally ? thanks, Allison - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
