|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Announcement: Solaris loadable kernel module backdoor
Subject: Re: Announcement: Solaris loadable kernel module backdoor
From: der Mouse (mouse
RODENTS.MONTREAL.QC.CA)
Date: Thu Jan 06 2000 - 10:20:46 CST
- Next message: Thompson, Zach, CPG: "Re: The WebTV Email Exploit"
- Previous message: Jim Frost: "Re: Handspring Visor Network HotSync Security Hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> [...] the numerous other ways root can subvert the running kernel ---
> or, equivalently, all running processes (e.g. with ptrace).
Subverting the kernel is not equivalent to subverting any/all running
processes; the former is significantly stronger than the latter. As a
simple example, if you have hardware on your system that the kernel
ignores[%], subverting all running processes still won't allow you to
access it, but subverting the kernel potentially will.
[%] For whatever reason - perhaps because it doesn't understand it, or
perhaps because support is configured out.
In some cases, of course, subverting certain processes may allow you to
subvert the kernel, if the kernel trusts one of those processes
sufficiently highly (eg, allows it to load arbitrary LKMs). That
doesn't make them equivalent, except perhaps in the case of that setup.
der Mouse
mouserodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
- Next message: Thompson, Zach, CPG: "Re: The WebTV Email Exploit"
- Previous message: Jim Frost: "Re: Handspring Visor Network HotSync Security Hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Fri Jan 07 2000 - 14:42:03 CST