Well, a rootkit can be installed if you can get uid 0 (root) on the machine.<br>Once you've got ring 0 access , you can do anything, without the aide<br>of the kernel. It's just one of those things that monolithic kernels suffer<br>from, there's a lot of code running in ring 0 , and if that code has exploits<br>it's easy to take control of the entire system.<br><br>Prevention is better than the cure, and there are tools , hardware and<br>best practices that can reduce your expose to zero day rootkits..<br><br>Looking at advisories, these seem pretty old kernel's, and if you don't<br>patch you asking for trouble.<br><br>Microkernel operating systems have hope of improving this situation,<br>but while the kernel run is one large shared address space then a full machine<br>compromise is still possible. Microkernels run their services in user space<br>so the amount of ring 0 code is very small. that's good for security! :-)..<br><br>in fact, booting from cdrom is an interesting
idea, I've not seen anything<br>yet that can write to a full cd twice..so boot from cdrom and you know<br>you'll never have a persistent rootkit!!! it's not practical...but!! <br> I read somewhere of security researchers using command<br>blockers on harddisks which prevent any write access to the drive in hardware,<br>unless you flick a physical switch..<br><br>it might not save you from attack, but it's harder for the rootkit persist after<br>a power cycle.<br><br>Again, a background daemon that verified kernel code in real time would<br>be able to detect memory injection attacks , in fact gordon you may<br>have gave me and idea for a project. ;-)<br><br>someone could rewrite your bios, and store the rootkit there.... paranoid...<br>you will be.<br><br><br><br><b><i>gordon dunlop <astrozubenel@googlemail.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> The news this week
is about Linux botnets, this has been going on for<br>the past year or so. It is not about the security of Linux or Apache<br>but about the security of data centers. A data center holds<br>information about farms of servers that operate Linux servers and<br>holds pertinent information including root passwords of servers that<br>operate thousands of web sites. a root kit can only deployed on Linux<br>servers if the root password is known. Data centers can be<br>compromised, electronically this can be hard, easier to get an<br>employee to get the necessary information. So security is not just<br>electronically but also human, this is just conjecture but until the<br>security leak is defined and answered then the problem is not solved.<br>It begs the question, how often must one change the security password<br>in case of compromise of upstream systems. To all the ethical hackers<br>this presents an opportunity for your ideas of security and how to<br>create secure systems to
minimize this type of occurrence. I hope this<br>gives you brain storming ideas.<br><br>Gordon<br><br>_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br>dundee@lists.lug.org.uk http://dundee.lug.org.uk<br>https://mailman.lug.org.uk/mailman/listinfo/dundee<br>Chat on IRC, #tlug on dundee.lug.org.uk<br></blockquote><br><p> 
<hr size=1> Sent from <a href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=51949/*http://uk.docs.yahoo.com/mail/winter07.html">Yahoo!</a> - a smarter inbox.