User: Password:
|
|
Subscribe / Log in / New account

A rootkit dissected

A rootkit dissected

Posted Nov 22, 2012 15:46 UTC (Thu) by spender (subscriber, #23067)
In reply to: A rootkit dissected by epa
Parent article: A rootkit dissected

Linux already has it -- it's called LSM.

-Brad


(Log in to post comments)

A rootkit dissected

Posted Nov 22, 2012 22:57 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]

That doesn't help, as LSMs can't be loadable modules.

A rootkit dissected

Posted Nov 22, 2012 23:33 UTC (Thu) by PaXTeam (guest, #24616) [Link]

is the stable 3.2 series maintainer seriously saying that general kernel modules can't (ab)use the LSM interfaces? for real? ;)

A rootkit dissected

Posted Nov 23, 2012 1:18 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]

Kernel modules can use, abuse or bypass any interface, exported or not. But run-time installable LSMs would be so much more convenient to the rookit author.

A rootkit dissected

Posted Nov 23, 2012 1:25 UTC (Fri) by PaXTeam (guest, #24616) [Link]

and what exactly prevents a normal module from posing as an LSM? nothing? ;)

A rootkit dissected

Posted Nov 24, 2012 0:12 UTC (Sat) by dpquigl (guest, #52852) [Link]

You're right absolutely nothing and with this proposed patch by the TOMOYO developer[1] It will become even easier.

[1]http://www.spinics.net/linux/fedora/linux-security-module...


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds