[Dailydave] DR Linux 2.6 rootkit released
Valdis.Kletnieks at vt.edu
Thu Sep 4 20:14:25 EDT 2008
On Fri, 05 Sep 2008 01:45:33 +0430, Mohammad Hosein said:
> I'm probably 2-3 days away from examining this myself, but if anyone out
> there has ideas on how this whole debug register hooks and stuff would
> react on "hardened" kind of kernels (like the one Gentoo offers) let us

You'd probably need to examine each "hardened" kernel to see if their particular
mix of hardening features includes anything to stop this particular rootkit.
If the particular kernel doesn't address it, the rootkit won't care. There are
too many different "hardened" kernels out there, with varying degrees of
hardening and sanity of security posture, across the entire spectrum of
"not really hardened" to "misguided cargo-cult hardening" to "truly bulletproof"
that making a generic judgment is pointless.

And note that even the "truly bulletproof" ones will probably yield when
faced with a sufficiently high caliber artillery shell... ;)