Dailydave mailing list archives

Re: DR Linux 2.6 rootkit released
From: Valdis.Kletnieks () vt edu
Date: Thu, 04 Sep 2008 20:14:25 -0400

On Fri, 05 Sep 2008 01:45:33 +0430, Mohammad Hosein said:

> I'm probably 2-3 days away from examining this myself, but if anyone out
> there has ideas on how this whole debug register hooks and stuff would
> react on "hardened" kinds of kernels (like the one Gentoo offers) let us

You'd probably need to examine each "hardened" kernel to see if their particular
mix of hardening features includes anything to stop this particular rootkit.
If the particular kernel doesn't address it, the rootkit won't care.  There's
too many different "hardened" kernels out there, with varying degrees of
hardening and sanity of security posture, across the entire spectrum of
"not really hardened" to "misguided cargo-cult hardening" to "truly bulletproof"
that making a generic judgment is pointless.

And note that even the "truly bulletproof" ones will probably yield when
faced with a sufficiently high caliber artillery shell... ;)


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
