[oclug] iptables and modules
bart-oclug at jukie.net
Thu Oct 17 23:09:44 EDT 2002
* Bart Trojanowski <bart-oclug at jukie.net> [021017 23:03]:
> Yep, (essentially) the same thing can be done with root access and no
> module support in the kernel. I don't think this has been used for
> installing a rootkit before[i], but you can install a stealth libc.so
> replacement. Since everything goes through libc you cannot stop the
> exploit. To be platform compliant the old libc can be kept around, but
> invisible, while the new libc -- which is presumably trojaned -- does
> actual kernel access using the old libc.
I wonder if I would get arrested for speculation of how a rootkit could
be made, had I been a US citizen.
hmm ... who is that knocking on my door?