[ale] Monolithic vs Modularised Kernels
- From: jb at sourceillustrated.com (John Wells)
- Date: Wed, 9 Jul 2003 12:38:26 -0400 (EDT)
Jason Day said:
> Yes. If an attacker can load a custom kernel module, and if he's good
> enough, he can make it much harder for you to realize you've been owned.
> A kernel module can prevent things like netstat or even ls from finding
> an installed rootkit.
Ah, good point. I was thinking that modified binaries would accomplish
the same thing, but I suppose there are more methods of detecting that
(md5 sigs, etc) than there are of detecting custom k modules.