::Trend Micro Threat Resource Center::

15 April 2009

New Attack Sneaks Rootkits Into Linux Kernel

Kernel rootkits are tough enough to detect, but now a researcher has demonstrated an even sneakier method of hacking Linux.

The attack exploits an oft-forgotten feature of Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel, which can then be used to hide malware processes, hijack system calls, and open remote backdoors into the machine. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel through /dev/mem, the character device that exposes the machine's physical memory to privileged user-space processes. By reading and writing kernel memory through that device, the attack patches the running kernel without ever loading a kernel module.

"One of the bonuses of this [approach] is that most kernel module rootkits make a lot of noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says.

Linux system administrators typically aren't aware of the potential dangers of leaving /dev/mem exposed. Opening /dev/mem already requires root, so the technique is not a privilege escalation; its appeal to an attacker who has obtained root is that the kernel can be modified without the noisy module load Lineberry describes, the step that module-based rootkits cannot avoid. Lineberry says his goal is to educate administrators about this potential security hole.

And there's now a way to defend against such an attack, too: the Linux kernel developers recently merged a patch that locks down /dev/mem, limiting read and write access to it from user space, he says. (That lockdown is the CONFIG_STRICT_DEVMEM build option, which makes the kernel refuse /dev/mem accesses to system RAM outside the first megabyte while still allowing the legacy BIOS and device-memory ranges that programs such as X servers rely on.)
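To check whether a given machine actually has that lockdown in effect, here is an added example (the editor's code, not from Lineberry's talk or from Flexilis): a small C program that opens /dev/mem as root and tries to read one page of ordinary RAM at an assumed physical offset of 16 MiB. On a kernel built with CONFIG_STRICT_DEVMEM the read is refused with EPERM; on a kernel without it the read succeeds, which is exactly the condition the attack described above relies on. The mapping of syscall outcomes to verdicts (missing device node, open refused, RAM read refused, non-RAM hole, RAM readable) is the editor's own classification, and the 16 MiB offset assumes a machine with more RAM than that.

```c
/* devmem_probe.c -- does this kernel let root read arbitrary physical RAM
 * through /dev/mem?  Added example by the editor, not code from the talk.
 *
 * Build: cc -O2 -Wall -o devmem_probe devmem_probe.c
 * Run:   sudo ./devmem_probe      (only root may open /dev/mem at all)
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed probe target: 16 MiB.  Ordinary RAM on any machine with more than
 * 16 MiB, and well above the first 1 MiB that STRICT_DEVMEM still exposes. */
#define PROBE_PHYS_OFFSET ((off_t)16 << 20)
#define PROBE_LEN 4096

enum devmem_state {
    DEVMEM_ABSENT,      /* no /dev/mem node: kernel built without the device */
    DEVMEM_NO_ACCESS,   /* open refused: not root, or a lockdown/LSM policy */
    DEVMEM_RESTRICTED,  /* open ok but RAM read refused: STRICT_DEVMEM active */
    DEVMEM_UNMAPPED,    /* offset is a hole, not RAM: retry another offset */
    DEVMEM_OPEN_RAM,    /* arbitrary physical RAM is readable: kernel exposed */
    DEVMEM_UNKNOWN
};

/* Pure classifier: turns the open()/pread() outcomes into a verdict.
 * Kept free of I/O so the decision logic can be tested without root. */
enum devmem_state classify_devmem(int open_errno, ssize_t nread, int read_errno)
{
    if (open_errno == ENOENT)
        return DEVMEM_ABSENT;
    if (open_errno == EACCES || open_errno == EPERM)
        return DEVMEM_NO_ACCESS;
    if (open_errno != 0)
        return DEVMEM_UNKNOWN;
    if (nread > 0)
        return DEVMEM_OPEN_RAM;          /* even a short read means RAM is exposed */
    if (nread < 0 && read_errno == EPERM)
        return DEVMEM_RESTRICTED;        /* read_mem() -> -EPERM under STRICT_DEVMEM */
    if (nread < 0 && (read_errno == EFAULT || read_errno == ENXIO))
        return DEVMEM_UNMAPPED;
    return DEVMEM_UNKNOWN;
}

const char *devmem_state_name(enum devmem_state s)
{
    switch (s) {
    case DEVMEM_ABSENT:     return "absent";
    case DEVMEM_NO_ACCESS:  return "no access (run as root?)";
    case DEVMEM_RESTRICTED: return "restricted";
    case DEVMEM_UNMAPPED:   return "unmapped at this offset";
    case DEVMEM_OPEN_RAM:   return "RAM READABLE";
    default:                return "unknown";
    }
}

/* The actual probe: open /dev/mem and try to read one page at `phys`. */
enum devmem_state probe_devmem(off_t phys)
{
    unsigned char page[PROBE_LEN];
    int fd = open("/dev/mem", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return classify_devmem(errno, -1, 0);
    ssize_t n = pread(fd, page, sizeof page, phys);
    int read_errno = (n < 0) ? errno : 0;
    close(fd);
    return classify_devmem(0, n, read_errno);
}

int main(void)
{
    if (geteuid() != 0)
        fprintf(stderr, "warning: not root; open(\"/dev/mem\") will normally be refused\n");
    enum devmem_state s = probe_devmem(PROBE_PHYS_OFFSET);
    printf("/dev/mem read of RAM at 0x%llx: %s\n",
           (unsigned long long)PROBE_PHYS_OFFSET, devmem_state_name(s));
    /* Exit non-zero only when RAM is readable, so a hardening script can gate on it. */
    return s == DEVMEM_OPEN_RAM ? 1 : 0;
}
```

The verdict "restricted" is the state the patch described above produces; "RAM READABLE" is the state the talk's technique needs. "no access" as root on a recent kernel usually means an additional policy (for example kernel lockdown) is refusing even the open, which is stronger still; "unmapped" only means the assumed 16 MiB offset fell into a hole on that machine, so probe a different offset rather than drawing a conclusion.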
