A rootkit can trivially hide wherever it likes if module loading is enabled: rootkits don't respect the exportedness of symbols. (Most common rootkits can inject themselves by banging directly on /dev/mem. It will be good to finally eliminate the ability to write to that device... come on pci-rework, we want X to not depend on /dev/mem anymore :) )
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds