[oclug]iptables and modules
Raymond Wood
raywood at magma.ca
Thu Oct 17 23:34:18 EDT 2002
On Thu, Oct 17, 2002 at 11:09:44PM -0400, Bart Trojanowski imagined:
> * Bart Trojanowski <bart-oclug at jukie.net> [021017 23:03]:
> > Yep, (essentially) the same thing can be done with root
> > access and no module support in the kernel. I don't think
> > this has been use for installing a rootkit before[i], but
> > you can install a stealth libc.so replacement. Since
> > everything goes through libc you cannot stop the exploit.
> > To be platform compliant the old libc can be kept around,
> > but invisible, while the new libc -- which is presumably
> > trojaned -- does actual kernel access using the old libc.
> I wonder if I would get arrested for speculation of how a
> rootkit could be made, had I been a US citizen.
>
> hmm ... who is that knocking on my door?
>
> B.
You've gone way too far with that 'free thinking' stuff buddy...
All right everyone, break it up, move along, move along...
Everybody back to sleep, good...
=)
Raymond
--
"You deserve to be able to cooperate openly and freely with other
people who use software. You deserve free software."
-Richard M. Stallman, Free Software Foundation, http://www.fsf.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20021017/5de3ab1b/attachment.bin
More information about the OCLUG
mailing list