[Gllug] Time Travel on Linux
Richard Jones
rich at annexia.org
Sun Oct 23 21:51:15 UTC 2005
On Sun, Oct 23, 2005 at 05:13:17PM +0100, Daniel P. Berrange wrote:
> Creating a new kernel space version of it would be pretty much
> impossible with a stock kernel, since sys_call_table is no longer
> exported to modules (a good thing BTW, since its primary use was
> letting rootkits override various system calls ;-)
Surely this is only a small hurdle for a rootkit - after all, they can
still poke any address in memory?
Having said that, encouraging modules to hook into syscalls, MS-DOS-
style, probably isn't a good thing :-)
Rich.
--
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list