RE: Future Linux devel. Kernels

• Next message: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
• Previous message: Ian Carr-de Avelon: "PC speaker driver"
• Next in thread: Simon Richter: "RE: Future Linux devel. Kernels"
• Reply: Simon Richter: "RE: Future Linux devel. Kernels"
• Reply: Khimenko Victor: "RE: Future Linux devel. Kernels"
• Maybe reply: Jesse Pollard: "RE: Future Linux devel. Kernels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > It doesn't work.
>
> It works beautifully. As long as intruder does not know where exactly
> traps are placed he can not avoid traps. Will it work as long time defence
> against scilled cracker SPECIALLY directed against you ? Probably not.
> Will it stop most crackers ? For sure. As long as traps are NOT common and
> thus not known to majority of crackers!

Traps are common, as long as the intruder knows what he is looking for. A
very better idea is to secure programs, and avoid programs running as
root.

BSDI also has a mode like this, the kernel secure levels. Basically means
that some operations are disabled, and the only was to switch the level is
from init 1 :-))

The 'main' risk if someone gets in that he replaces system bins.. So the
only way to detect this is a proper logging system, that cannot be
modified without someone noticing.

> > The main 'problem' is that someone that has root is god.
>
> For now (till "Trusted Linux" not invented).
>
> > The only was to make sure we nail the guy is to make sure we can
> > trace what he did.
> >
> Exactly.
>
> > If the guy (girl) really know what he is doing he is able to wipe his
> > traces..
> >
> Hah. ONLY if he (she) will feel NEED to track "that style traces as well".
> See above.

Not wiping your traces degrades someone to script kiddie. And I hate
those..

> > Nothing is safe agains an editor and someone who has root and know about
> > /dev/kmem
> >
> Again: if /dev/kmem is readable on system :-)

It is as root.. And it it is not as root, what's the use of /dev/kmem ?

 
> > Keeping the guy outside is a better start to focus on.
> >
> For sure.
>
> > > Compiler tools can be easily transferred and even magic number can be moved
> > > to aleady cracked host (it can be easier). The only bullet-proof way here is
> > > PGP-like signatures and I doubt we want THAT in kernel.
> >
> > Ah well... At least I then have some time to get some coffee during a ls
> > :-)
> >
> :-))

        Regards,

                Igmar

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
• Previous message: Ian Carr-de Avelon: "PC speaker driver"
• Next in thread: Simon Richter: "RE: Future Linux devel. Kernels"
• Reply: Simon Richter: "RE: Future Linux devel. Kernels"
• Reply: Khimenko Victor: "RE: Future Linux devel. Kernels"
• Maybe reply: Jesse Pollard: "RE: Future Linux devel. Kernels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST