On 18-02-2014 16:10, Dmitrij D. Czarkoff wrote:
> So you think that placing rootkit in LD_PRELOAD hides it? I would
> wonder about your definition of revealing then.

It seems to me that you jumped aboard this thread without reading all e-mails exchanged on it. Of course a rootkit using LD_PRELOAD is much more visible than a kmod rootkit or even a BIOS/MBR rootkit. I mentioned it in one of the very first e-mails. The OP, Daniel and I were just discussing if OpenBSD is affected by such rootkits. Also, if you had taken a look at the rootkit that the OP mentioned, you would see that it was a Linux rootkit; it won't even compile on OpenBSD I guess, since it uses PAM, and it is GNU-centric.

Cheers,
--
Giancarlo Razzolini
GPG: 4096R/77B981BC