[1156] in bugtraq
Re: Re[2]: snooper watchers
daemon@ATHENA.MIT.EDU (Karl Strickland)
Thu Mar 2 15:16:22 1995
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: System Administrator <root@iifeak.swan.ac.uk>
Date: Thu, 2 Mar 1995 17:15:59 +0000 (GMT)
Cc: mcn@c3serve.c3.lanl.gov, rnayfield@mail.iconnet.com,
proff@suburbia.apana.org.au, jna@concorde.com, bugtraq@fc.net
In-Reply-To: <m0rk9Pf-000143C@iiit.swan.ac.uk> from "System Administrator" at Mar 2, 95 11:51:21 am
>
> > > Modifying running kernels isn't all that hard.
> > Doesn't 'how hard it is' depend on the modifications you're making?
> >
> On a typical BSD kernel finding suser() and altering the logic at that one
> critical point is not hard. I've not tried sys5.4 and some BSD variants seem
> to have it inlined now so it's a bitch to do.

Yep, hacking suser()'s idea of root's uid is an example of a trivial
modification, that's trivial to do. What the other guy was on about - loading
new (non-loadable, obviously) modules into a running kernel is distinctly
non-trivial in comparison; hence my point that it depends on the mods you're
making. That's why I'm interested to hear the two ways.
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|