Language Selection

English French German Italian Portuguese Spanish

Do you need to worry about the new /dev/mem rootkit problem?

Filed under

A new paper was presented in late March about using /dev/mem to inject and hide a rootkit (PDF), and the method has been getting some press, leading to a little concern. The first thing that you should understand is that this class of attack has been used before. We know how to protect against it.

If you read the paper, you'll find out two things:

1. We need a way to write to /dev/mem as a regular user, and
2. There's a kernel config which protects against this mechanism.

rest here

More in Tux Machines

Data indicates that Android picked up global market share from iOS last month

Tracking mobile web traffic, NetMarketShare computes the market share for mobile operating systems. Based on the data from last month, Android was able to widen its gap over iOS globally. Considering that the Apple iPhone 6s and Apple iPhone 6s Plus weren't launched until September 25th, the recently released phones accounted for a miniscule part of the data. The new models won't have a major effect on the results until the figures for this month are released. Read more

RapidDisk / RapidCache 3.4 now available.

RapidDisk is an advanced Linux RAM Disk which consists of a collection of modules and an administration tool. Features include: Dynamically allocate RAM as block device. Use them as stand alone disk drives or even map them as caching nodes to slower local disk drives. I pushed 3.4 into the mainline earlier this morning. Changes include:
  • Added ability to autoload RapidDisk volumes during module insertion.
  • Fixed bug in RapidDisk (volatile) volume size definition across 32 to 64 bit types.
  • Making use of BIT() macro in the driver.
  • Removed RapidDisk-NV support. It was redundant with the recently kernel integrated pmem code.
You can pull it from the git, yum, ZYpp & apt repos or download it from the SourceForge project page. To stay updated, you can follow the RapidDisk Google+ page.