| |||||||||||||
A rootkit dissectedA rootkit dissectedPosted Nov 22, 2012 22:57 UTC (Thu) by BenHutchings (subscriber, #37955)In reply to: A rootkit dissected by spender Parent article: A rootkit dissected
That doesn't help, as LSMs can't be loadable modules.
(Log in to post comments)
A rootkit dissected Posted Nov 22, 2012 23:33 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
is the stable 3.2 series maintainer seriously saying that general kernel modules can't (ab)use the LSM interfaces? for real? ;)
A rootkit dissected Posted Nov 23, 2012 1:18 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]
Kernel modules can use, abuse or bypass any interface, exported or not. But run-time installable LSMs would be so much more convenient to the rookit author.
A rootkit dissected Posted Nov 23, 2012 1:25 UTC (Fri) by PaXTeam (subscriber, #24616) [Link]
and what exactly prevents a normal module from posing as an LSM? nothing? ;)
A rootkit dissected Posted Nov 24, 2012 0:12 UTC (Sat) by dpquigl (subscriber, #52852) [Link]
You're right absolutely nothing and with this proposed patch by the TOMOYO developer[1] It will become even easier.
[1]http://www.spinics.net/linux/fedora/linux-security-module...
|
|||||||||||||