Re: Kernel Rootkits

From: Malita, Florin
Date: Fri Apr 15 2005 - 12:35:41 EST

Next message: Alan Cox: "Re: Adaptec 2010S i2o + x86_64 doesn't work"
Previous message: Andi Kleen: "Re: [RFC][x86_64] Introducing the memmap= kernel command line option"
In reply to: Richard B. Johnson: "Re: Kernel Rootkits"
Next in thread: Lee Revell: "Re: Kernel Rootkits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2005-04-15 at 13:16 -0400, Richard B. Johnson wrote:
> I'm not sure there really are any "kernel" rootkits. You need to be
> root to install a module and you need to be root to replace a kernel
> with a new (possibly altered) one. If you are root, you don't
> need an exploit.

rootkit != exploit

The exploit is used to gain root privileges while the rootkit is used
after that to install & hide backdoors, sniffers, keyloggers etc.

http://en.wikipedia.org/wiki/Rootkit

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Adaptec 2010S i2o + x86_64 doesn't work"
Previous message: Andi Kleen: "Re: [RFC][x86_64] Introducing the memmap= kernel command line option"
In reply to: Richard B. Johnson: "Re: Kernel Rootkits"
Next in thread: Lee Revell: "Re: Kernel Rootkits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]