From: Dave Jones <davej@redhat.com>
To: Dax Kelson <dax@gurulabs.com>
Cc: Christophe Saout <christophe@saout.de>,
Horst von Brand <vonbrand@inf.utfsm.cl>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: LKM rootkits in 2.6.x
Date: Fri, 12 Mar 2004 00:57:43 +0000
Message-ID: <20040312005743.GL28660@redhat.com>
In-Reply-To: <1079052692.5345.0.camel@mentor.gurulabs.com>

On Thu, Mar 11, 2004 at 05:51:33PM -0700, Dax Kelson wrote:
> On Thu, 2004-03-11 at 16:50, Dave Jones wrote:
> > On Thu, Mar 11, 2004 at 09:35:32PM +0100, Christophe Saout wrote:
> >
> > > > It _is_ forbidden. This isn't any kind of accident we are talking about,
> > > > this is out and out fraud.
> > >
> > > I'm talking about binary modules, not rootkits. Vendors aren't doing
> > > forbidden things, are they?
> >
> > Yes.
>
> What Vendors and modules?

Most recent one I saw was some 'antivirus' filescanning module.
The name escapes me. It was mentioned on l-k at the time.
It wasn't the first by any means however. This trick has been used
since vendors stopped exporting sys_call_table.

Dave