Re: Disabling module loading with a module?

allbery@kf8nh.apk.net
Tue, 17 Aug 1999 18:59:20 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Elizabeth Chastain: "Re: ncurses foiled again"
Previous message: Matthew Kirkwood: "Re: Disabling module loading with a module?"
In reply to: Stanislav Krasilovskiy: "Simulating Packet Loss/Out of Order Arrival"

On 17 Aug, Horst von Brand wrote:
+-----
| > I must admit, the more I'm exposed to the cynisism of the list, the more I
| > begin to wonder if it would all be worth it, except for maybe the odd
| > university etc. Congratulations :-)
|
| I'ts not cynicism, it's just that this is a rather hard way to hide
| evidence, vermin will use simpler methods. They aren't this easy to stop,
| either.
+--->8

Regrettably false. I have copies of a "psmod" used by vermin attacking
Solaris systems, which hides processes from /proc (and therefore ps).
So far such a hacked module has been found installed on *every* Solaris
box we've found that had been cracked.

-- brandon s. allbery os/2,linux,solaris,perl allbery@kf8nh.apk.net system administrator kthkrb,heimdal,gnome,rt allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering kf8nh We are Linux. Resistance is an indication that you missed the point.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Elizabeth Chastain: "Re: ncurses foiled again"
Previous message: Matthew Kirkwood: "Re: Disabling module loading with a module?"
In reply to: Stanislav Krasilovskiy: "Simulating Packet Loss/Out of Order Arrival"