Re: LKM rootkits in 2.6.x - Måns Rullgård

All of lore.kernel.org
 help / color / mirror / Atom feed

From: mru@kth.se (Måns Rullgård)
To: linux-kernel@vger.kernel.org
Subject: Re: LKM rootkits in 2.6.x
Date: Thu, 11 Mar 2004 20:31:49 +0100	[thread overview]
Message-ID: <yw1xekrz41ui.fsf@kth.se> (raw)
In-Reply-To: 1079032587.7517.1.camel@leto.cs.pocnet.net

Christophe Saout <christophe@saout.de> writes:

> Am Do, den 11.03.2004 schrieb Dave Jones um 19:48:
>
>> Don't bet on it.  They'll just start doing what binary-only driver vendors
>> have been doing for months.. If the table isn't exported, they find a symbol
>> that is exported, and grovel around in memory near there until they find
>> something that looks like it, and patch accordingly.
>
> Ugh... this sounds ugly. This should be forbidden. I mean, what are
> things like EXPORT_SYMBOL_GPL for if drivers are allowed to patch
> whatever they want?

Who is to stop them?  When running in kernel mode you are god.

-- 
Måns Rullgård
mru@kth.se

next prev parent reply	other threads:[~2004-03-11 19:37 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-11 19:26 LKM rootkits in 2.6.x pg smith
2004-03-11 18:48 ` Dave Jones
2004-03-11 19:16   ` Christophe Saout
2004-03-11 19:30     ` Valdis.Kletnieks
2004-03-11 20:42       ` Horst von Brand
2004-03-11 20:49       ` Timothy Miller
2004-03-11 19:31     ` Måns Rullgård [this message]
2004-03-11 19:49       ` Tomasz Torcz
2004-03-11 20:33     ` Horst von Brand
2004-03-11 20:35       ` Christophe Saout
2004-03-11 23:50         ` Dave Jones
2004-03-12  0:51           ` Dax Kelson
2004-03-12  0:57             ` Dave Jones
2004-03-14  0:44   ` Jirka Kosina
2004-03-11 19:39 ` Valdis.Kletnieks
2004-03-11 19:57   ` Paul Rolland
2004-03-11 20:27 ` Horst von Brand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=yw1xekrz41ui.fsf@kth.se \
    --to=mru@kth.se \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.