[747] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Jim Duncan)
Tue Jan 24 19:28:12 1995
To: Eric Conrad <econrad@bu.edu>
Cc: Paul Ferguson <paul@hawksbill.sprintmrn.com>, bugtraq@fc.net
In-Reply-To: Your message of "Tue, 24 Jan 1995 11:37:28 EST."
<Pine.SUN.3.90.950124112918.4999B-100000@it>
Date: Tue, 24 Jan 1995 17:34:17 -0500
From: Jim Duncan <jim@math.psu.edu>
Eric Conrad writes:
> The measures described to prevent this (disabling loadable kernel
> modules) seem pointless -- if the attackers have root, they can
> rebuild the kernel to do anything they want.
Hacker's don't reboot -- it generates too much attention. They are much
happier to use kernel-loadable modules and keep quiet.
This is one reason I hated the idea of kernel-loadable modules when they
were introduced. But everything has its good and bad effects.
Jim
