Ilya V. Matveychikov

Results 35 comments of Ilya V. Matveychikov

@alexandernst I think the proc interface is a good choice for that purpose. Sysctl is not the best one as I see it.

@alexandernst procfs allows reading one file to get many things (a list of broken syscalls, for ex.). I don't think that sysctl does it as well as proc besides of...

@alexandernst procfs is the simpler one :)

OK

```
$ uname -a
Linux rootbox 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:31:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
```

After a malicious module is loaded, it could change its name, which is actually stored in the `struct module` structure.

Having this whitelist based on just names is not a good idea at all, as any module can mimic a whitelisted one. No suggestions, just some thoughts about this.

Yeah, I saw it. Created by me just to have an issue and the sample.

> On Dec 19, 2017, at 18:15, Alexander Krizhanovsky wrote:
>
>...

Hey, thanks for replying. I should have started with the description, so let me clarify the idea. Most kernel exploits start with an information gathering phase, which consists of steps...

> The main issue of this proposal is possible complexity of its implementation.

@wladmis Seriously? It takes 1% of LKRG complexity to implement that and it gives 99% of LKRG's...

> To be clear: that notice about complexity was about my proposal of reading filtering, not about yours.

@wsandin Got it, sorry.