Bugtraq mailing list archives

Re: Re[2]: snooper watchers


From: karl () bagpuss demon co uk (Karl Strickland)
Date: Wed, 1 Mar 1995 21:06:41 +0000 (GMT)



     The best thing to do is take the nit support out of the kernel and 
     remove /dev/nit.  Now someone would have to build a new kernel and 
     reboot the machine to replace the nit support.
     
Is it not possible for a hacker to set his own boot device before performing 
his reboot, and then reset it back to whatever-it-was later?  I.e. by messing 
with /dev/openprom or whatever it's called

  Sounds too complex to me... 

I'm told you can specify devices on a reboot command line anyway, so it's not
even that complicated.

But, this is interesting:

  If you take out NIT, I know of two ways I can put it back in WITHOUT
rebooting.

What are the two ways?

Modifying running kernels isn't all that hard.

Doesn't 'how hard it is' depend on the modifications you're making?

Remember,
anything is possible...

Is it still possible if we disallow opening of /dev/[k]mem for write?

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |


