Comments (32)
- jraph:
  > If one did wish to use Singularity for nefarious purposes, however, the code is MIT licensed and freely available — using it in that way would only be a crime, not an instance of copyright infringement.

  Too bad the author picked the MIT license. Had they picked (A)GPL, it would have forced the criminals to distribute a copy of LICENSE.TXT alongside their improved copy of the source code on systems they compromise. Failing this, using it in that way would be both a crime and an instance of copyright infringement.

  Although, it occurs to me that if they don't give credits to the original author, it's also already a copyright infringement under the MIT.
- bmitch3020: Previously discussed at https://news.ycombinator.com/item?id=46498658
- exabrial:
  > Users who feel their computers are too secure can install the Singularity kernel module in order to allow remote code execution, disable security features, and hide files and processes from normal administrative tools.

  Hah
- kazinator: Sorry, I like my rootkits proprietary, closed-source, with a click-through/shrinkwrap EULA.
- markus_zhang: Ah, this is so interesting. Rootkits are difficult to implement already, and RE'ing them is definitely another level. Now we have guidance.
- TacticalCoder:
  > The Ftrace mechanism can be disabled at run time, of course — so Singularity helpfully enables it automatically and blocks any attempts to turn it off.

  Can a kernel be compiled with Ftrace forced off? If it can be disabled at runtime, I take it it's not mandatory for the kernel to work. And I don't just mean off: I mean stripping the Ftrace code path (dead code elimination or whatever).

  I'm also interested in other measures, like a unified kernel, moreover without the ability to load modules, but this is not what my question is about. I'd like to know if Ftrace can just be turned off for good at kernel compile time.
- sabdarmdhn: Since I don't know about Linux rootkits, isn't this going to raise the potential for cyberattacks?
- XorNot: Man, I just discovered this as a good guide on how to exceed the normal limits on Linux kernel modules.

  Been working on a derivative which hooks the VFS to allow dynamically remapping file paths on a per-process basis so I can force badly behaved apps to load custom TLS certificates (looking at you, Bazel builds in nixpkgs).

  (If anyone knows something which already does this, it would save me a lot of yak shaving.)
- siliconunit: As much as I'm all for the freedom of knowledge, given the sorry state of the world, releasing these tools to imbeciles is not peak foresight.. McAfee for Linux next, ha.. /s