Re: Kernel Rootkits

On Fri, 2005-04-15 at 11:40 -0700, Daniel Souza wrote:
> A way to "protect" system calls is, after boot a trusted kernel image,
> take a MD5 of the syscalls functions implementations (the opcodes that
> are part of sys_read for example) and store it in a secure place.

That's the problem, once the kernel is compromised there's no such thing
as a secure place.  Solving this problem requires things like "trusted
computing" aka hardware support.

Lee

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: Kernel Rootkits
    • From: Daniel Souza <[email protected]>

• References:
  • Re: Kernel Rootkits
    • From: Allison <[email protected]>
  • Re: Kernel Rootkits
    • From: Daniel Souza <[email protected]>

• Prev by Date: Re: Kernel Rootkits
• Next by Date: Re: [SATA] status reports updated
• Previous by thread: Re: Kernel Rootkits
• Next by thread: Re: Kernel Rootkits
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]