Re: LKM rootkits in 2.6.x

From: Christophe Saout
Date: Thu Mar 11 2004 - 15:45:49 EST


On Thu, 11.03.2004 at 21:33, Horst von Brand wrote:

> > > Don't bet on it. They'll just start doing what binary-only driver vendors
> > > have been doing for months.. If the table isn't exported, they find a
> > > symbol that is exported, and grovel around in memory near there until
> > > they find something that looks like it, and patch accordingly.
>
> > Ugh... this sounds ugly. This should be forbidden. I mean, what are
> > things like EXPORT_SYMBOL_GPL for if drivers are allowed to patch
> > whatever they want?
>
> It _is_ forbidden. This isn't any kind of accident we are talking about,
> this is out and out fraud.

I'm talking about binary modules, not rootkits. Vendors aren't doing
forbidden things, are they?



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/