[oclug]iptables and modules
raywood at magma.ca
Thu Oct 17 23:34:18 EDT 2002
On Thu, Oct 17, 2002 at 11:09:44PM -0400, Bart Trojanowski imagined:
> * Bart Trojanowski <bart-oclug at jukie.net> [021017 23:03]:
> > Yep, (essentially) the same thing can be done with root
> > access and no module support in the kernel. I don't think
> > this has been use for installing a rootkit before[i], but
> > you can install a stealth libc.so replacement. Since
> > everything goes through libc you cannot stop the exploit.
> > To be platform compliant the old libc can be kept around,
> > but invisible, while the new libc -- which is presumably
> > trojaned -- does actual kernel access using the old libc.
> I wonder if I would get arrested for speculation of how a
> rootkit could be made, had I been a US citizen.
> hmm ... who is that knocking on my door?
You've gone way too far with that 'free thinking' stuff buddy...
All right everyone, break it up, move along, move along...
Everybody back to sleep, good...
"You deserve to be able to cooperate openly and freely with other
people who use software. You deserve free software."
-Richard M. Stallman, Free Software Foundation, http://www.fsf.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20021017/5de3ab1b/attachment.bin
More information about the OCLUG