Azitech

Azimout's Linux weblog

strict_devmem


A presentation at the recent Black Hat Europe ’09 conference (in Amsterdam, NL) describes how to install a Linux kernel rootkit by exploiting the /dev/mem interface.

The author admits that the STRICT_DEVMEM configuration option would mitigate this threat. Running grep STRICT_DEVMEM /boot/config-2.6.28-11-generic on my Jaunty kernel’s configuration file tells me I have this option enabled:

CONFIG_STRICT_DEVMEM=y

I don’t know what the situation is on older releases or on different distros.
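One way to run the same check on other releases and distros, as an added example that is not part of the original post: shell functions that classify CONFIG_STRICT_DEVMEM in a kernel config as enabled, disabled or absent. The function names and the sample config are constructed for illustration, and the two config locations tried are assumptions about where the distro ships its config.

```shell
#!/bin/sh
# Added example (not from the original post): classify CONFIG_STRICT_DEVMEM.

# Read kernel config text on stdin; print enabled | disabled | absent.
classify_strict_devmem() {
    # Anchored match: a bare "grep STRICT_DEVMEM" also hits
    # CONFIG_IO_STRICT_DEVMEM, a separate option on newer kernels.
    line=$(grep -E '^(# )?CONFIG_STRICT_DEVMEM[= ]' | tail -n 1)
    case $line in
        "CONFIG_STRICT_DEVMEM=y") echo enabled ;;
        "")                       echo absent ;;    # option not present in this config
        *)                        echo disabled ;;  # "# ... is not set" or =n
    esac
}

# Classify a config file; /proc/config.gz is gzip-compressed, /boot/config-* is not.
strict_devmem_status() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    case $1 in
        *.gz) gzip -dc "$1" | classify_strict_devmem ;;
        *)    classify_strict_devmem < "$1" ;;
    esac
}

# Report on the running kernel, trying two common config locations (assumed).
check_running_kernel() {
    for cfg in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$cfg" ]; then
            echo "$cfg: $(strict_devmem_status "$cfg")"
            return 0
        fi
    done
    echo "no readable kernel config found" >&2
    return 1
}

# Constructed sample input (not taken from a real system).
sample_config() {
    printf '%s\n' 'CONFIG_STRICT_DEVMEM=y' \
        '# CONFIG_IO_STRICT_DEVMEM is not set'
}
```

Call check_running_kernel on the machine being audited; a result of "absent" means the config does not mention the option at all, which is different from it being explicitly disabled.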


Written by azimout

28/04/2009 at 00:24

Posted in News
