[ale] Memory leak (hacked?)

Chris Ricker kaboom at gatech.edu
Mon Apr 12 17:08:15 EDT 2004


On Wed, 7 Apr 2004, Joe Knapka wrote:

> Or, you may be hacked. A clever intruder can insert modules
> into the kernel (which is why a public server shouldn't have
> module load/unload enabled), and can also hide the fact that
> he's done so. A malicious module that simply allocated
> pages as fast as it could would cause the behavior you're
> seeing.

Common misperception, but it actually makes no difference. Even if you
disable module loading / unloading, attackers can still insert LKMs.
Modern Linux rootkits do exactly this....

later,
chris


