Re: LKM rootkits in 2.6.x

From: Christophe Saout
Date: Thu Mar 11 2004 - 15:45:49 EST

Am Do, den 11.03.2004 schrieb Horst von Brand um 21:33:

> > > Don't bet on it. They'll just start doing what binary-only driver vendors
> > > have been doing for months.. If the table isn't exported, they find a
> > > symbol that is exported, and grovel around in memory near there until
> > > they find something that looks like it, and patch accordingly.
> > Ugh... this sounds ugly. This should be forbidden. I mean, what are
> > things like EXPORT_SYMBOL_GPL for if drivers are allowed to patch
> > whatever they want?
> It _is_ forbidden. This isn't any kind of accident we are talking about,
> this is out and out fraud.

I'm talking about binary modules, not rootkits. Vendors aren't doing
forbidden things, are they?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at