|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Exploit or trojan
From: dav (dav
r00tworld.com)
Date: Fri Dec 19 2003 - 08:36:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Felipe Franciosi [ozzybugtterra.com.br] a écrit:
> > Oops.
> >
> > Such kind of kernel backdoors (e.g. loadable kernel modules) are also
> > present for Solaris, *BSD and Windows systems. If you are unsure whether
> > someone has compromised your system, don't trust the system's kernel!
>
> Yeah you are right! I was just reading about coding solaris kernel
> modules. It is pretty easy, actually. Anyone can find a lot of
> documents on google.
>
> A little addition here: Some Linux backdoors (Suckit, for example)
> doesn't work as a kernel module. It just opens /dev/kmem and patch
> it on the fly. It is still detectable, though, trought some imple-
> mentation flaws or checking mechanisms that verify the kernel
> syscall table integrity.
For solaris systems, you can look at papillon kernel module. This module
try to make same than gr-security for linux kernel...
I'm using it on production servers, and I've no trouble to report after
one year.
http://www.roqe.org/papillon/
dav.
--
PGP: http://www.r00tworld.com/~dav/dav.gpg
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]