6 comments

[ 3.4 ms ] story [ 25.8 ms ] thread
I was expecting a kernel vulnerability. This is really more of an exploit payload.
How is this any different from a standard root kit? It is not a remote hack and requires elevated perms on the machine. This could be a shadowed binary blob and achieve the exact same thing.

With that said , are they technically in breach of GPLv2 ?

As I understand the GPL, they would need to provide source code to people they distribute binaries to...

So in practice, they are probably complying with the GPL.

So, If the USA spy infected my computer with malicious Linux kernel module which use GPL protected kernel APIs, Can I demand the source code?
You'd probably need to prove they provided the infection.
Only works on CentOS 6. Also not a vulnerability but a payload. Interesting tool tho.