Re: LKM rootkits in 2.6.x
From: Horst von Brand
Date: Thu Mar 11 2004 - 15:42:25 EST
Christophe Saout <christophe@xxxxxxxx> said:
> Am Do, den 11.03.2004 schrieb Dave Jones um 19:48:
> > Don't bet on it. They'll just start doing what binary-only driver vendors
> > have been doing for months.. If the table isn't exported, they find a
> > symbol that is exported, and grovel around in memory near there until
> > they find something that looks like it, and patch accordingly.
> Ugh... this sounds ugly. This should be forbidden. I mean, what are
> things like EXPORT_SYMBOL_GPL for if drivers are allowed to patch
> whatever they want?
It _is_ forbidden. This isn't any kind of accident we are talking about,
this is out and out fraud.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/