[1145] in bugtraq
Re: Re[2]: snooper watchers
daemon@ATHENA.MIT.EDU (Karl Strickland)
Wed Mar 1 18:29:44 1995
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: Michael Neuman <mcn@c3serve.c3.lanl.gov>
Date: Wed, 1 Mar 1995 21:06:41 +0000 (GMT)
Cc: rnayfield@mail.iconnet.com, proff@suburbia.apana.org.au, jna@concorde.com,
bugtraq@fc.net
In-Reply-To: <199503011722.KAA09459@c3serve.c3.lanl.gov> from "Michael Neuman" at Mar 1, 95 11:14:41 am
>
> > > The best thing to do is take the nit support out of the kernel and
> > > remove /dev/nit. Now someone would have to build a new kernel and
> > > reboot the machine to replace the nit support.
> > >
> > Is it not possible for a hacker to set his own boot device before performing
> > his reboot, and then reset it back to whatever-it-was later? i.e. by messing
> > with /dev/openprom or whatever it's called
>
> Sounds too complex to me...
I'm told you can specify devices on a reboot command line anyway, so it's not
even that complicated.
But, this is interesting:
> If you take out NIT, I know of two ways I can put it back in WITHOUT
> rebooting.
What are the two ways?
> Modifying running kernels isn't all that hard.
Doesn't 'how hard it is' depend on the modifications you're making?
> Remember,
> anything is possible...
Is it still possible if we disallow opening of /dev/[k]mem for write?
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|