Mac Security: Identifying Changes to the File System
Subject:   Mac OS X Rootkits
Date:   2005-10-09 06:21:54
From:   peterhickman
Response to: Mac OS X Rootkits

To be honest I never thought that opener was a rootkit as it did very little to evade detection. The problem for OS X rootkits is that they all seem to require the victim to install the devtools and run stuff as root.

Can't quite work out why osxrk supplies a version of nc as it is already provided, at least in Tiger.

To give a feel for the lack of development we have this from the Togroot README.

Once loaded, Togroot will give you the ability to obtain root access simply by typing "/givemeroot" and typing "su", for example.
cp -R /path/to/togroot.kext /system/library/extensions/togroot.kext
Add sudo to the beginning if you are not currently root.

So to install a rootkit to give you root access to a system you require root access, deeply flawed in my mind.

One day there will be a credible rootkit for OS X, but today I am not too worried.
