Closed ncorbuk closed 3 years ago
Yeah, I mean the get_root function, not set_root. Sorry.
When an attacker gets root access, this is usually done via exploitation of a vulnerability or misconfiguration. If this vulnerability is fixed, then the attacker would lose access. But if the attacker installs a rootkit with this functionality, he/she can still have access later on.
What is the point of the give_root function to become root when you have to be root anyway to load LKMs? I don't get it, sorry. Can you please explain it to me, as I have seen this idea used in many other rootkits...
Thanks.
I also enjoyed your talk on rootkits on YT :)