Rootkit Hunter
Martin Marcher
martin.marcher at openforce.com
Sat Dec 23 11:00:03 UTC 2006
Hello,
Am 23.12.2006 um 11:48 schrieb Brian Fahrlander:
> Has anyone written a root kit as a 'hypervisor', to keep an eye
> on a
> Linux box? A white-hat tool for overseeing the whole show, so such a
> program can't be installed?
>
> I understand that a 'root kit' is different from a 'hypervisor'
> kinda exploit, but if a decent hypervisor is watching, and prevents
> one
> from taking root, that'd be useful now, wouldn't it?
I know that as a proof of concept a root kit has been written for
linux and windows that uses the virtualization technology and thus
runs outside the context of the OS, so there's no chance to detect it
by any means if the OS is running (does a vmware guest know that it
is a vmware guest?). But I don't know of anything that has been
written for a useful thing.
Although I read (I believe to remember that it was one of the last
linux magazines) how to utilize the TPM cheap to provide a secure boot.
martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2474 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20061223/038e78aa/attachment.bin>
More information about the ubuntu-users
mailing list