Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Exploit or trojan
From: dav (davr00tworld.com)
Date: Fri Dec 19 2003 - 08:36:57 CST
Felipe Franciosi [ozzybugtterra.com.br] a écrit:
> > Oops.
> > Such kind of kernel backdoors (e.g. loadable kernel modules) are also
> > present for Solaris, *BSD and Windows systems. If you are unsure whether
> > someone has compromised your system, don't trust the system's kernel!
> Yeah you are right! I was just reading about coding solaris kernel
> modules. It is pretty easy, actually. Anyone can find a lot of
> documents on google.
> A little addition here: Some Linux backdoors (Suckit, for example)
> doesn't work as a kernel module. It just opens /dev/kmem and patch
> it on the fly. It is still detectable, though, trought some imple-
> mentation flaws or checking mechanisms that verify the kernel
> syscall table integrity.
For solaris systems, you can look at papillon kernel module. This module
try to make same than gr-security for linux kernel...
I'm using it on production servers, and I've no trouble to report after