Re: LKM rootkits in 2.6.x

From: Horst von Brand
Date: Thu Mar 11 2004 - 15:42:25 EST

Next message: Chris Mason: "[PATCH] race in mempool_alloc/free"
Previous message: Adrian Bunk: "2.6.4-mm1: unknown symbols cauased by remove-more-KERNEL_SYSCALLS.patch"
In reply to: Tomasz Torcz: "Re: LKM rootkits in 2.6.x"
Next in thread: Christophe Saout: "Re: LKM rootkits in 2.6.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christophe Saout <christophe@xxxxxxxx> said:
> Am Do, den 11.03.2004 schrieb Dave Jones um 19:48:

> > Don't bet on it. They'll just start doing what binary-only driver vendors
> > have been doing for months.. If the table isn't exported, they find a
> > symbol that is exported, and grovel around in memory near there until
> > they find something that looks like it, and patch accordingly.

> Ugh... this sounds ugly. This should be forbidden. I mean, what are
> things like EXPORT_SYMBOL_GPL for if drivers are allowed to patch
> whatever they want?

It _is_ forbidden. This isn't any kind of accident we are talking about,
this is out and out fraud.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Mason: "[PATCH] race in mempool_alloc/free"
Previous message: Adrian Bunk: "2.6.4-mm1: unknown symbols cauased by remove-more-KERNEL_SYSCALLS.patch"
In reply to: Tomasz Torcz: "Re: LKM rootkits in 2.6.x"
Next in thread: Christophe Saout: "Re: LKM rootkits in 2.6.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]