[1143] in bugtraq
Re: Re[2]: snooper watchers
daemon@ATHENA.MIT.EDU (Michael Neuman)
Wed Mar 1 13:51:24 1995
From: Michael Neuman <mcn@c3serve.c3.lanl.gov>
To: karl@bagpuss.demon.co.uk (Karl Strickland)
Date: Wed, 1 Mar 1995 11:14:41 -0600 (CST)
Cc: rnayfield@mail.iconnet.com, proff@suburbia.apana.org.au, jna@concorde.com,
bugtraq@fc.net
In-Reply-To: <199503011357.NAA16859@bagpuss.demon.co.uk> from "Karl Strickland" at Mar 1, 95 01:57:27 pm
> > The best thing to do is take the nit support out of the kernel and
> > remove /dev/nit. Now someone would have to build a new kernel and
> > reboot the machine to replace the nit support.
> >
> is it not possible for a hacker to set his own boot device before performing
> his reboot, and then reset it back to whatever-it-was later? ie by messing
> with /dev/openprom or whatever its called
Sounds too complex to me...
If you take out NIT, I know of two ways I can put it back in WITHOUT
rebooting. Modifying running kernels isn't all that hard. Remember,
anything is possible...
-Mike
mcn@EnGarde.com
En Garde Systems
Computer Security Software and Consulting
