Re: Proposal "LUID"

• Next message: yoann@mandrakesoft.com: "Re: Proposal "LUID""
• Previous message: Jan Harkes: "Re: Proposal "LUID": CAPP requirements"
• In reply to: Austin Schutz: "Re: Proposal "LUID""
• Next in thread: Austin Schutz: "Re: Proposal "LUID""
• Reply: Austin Schutz: "Re: Proposal "LUID""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Austin Schutz wrote:
> > 1. The audit trail would show that you modified telnetd.
>
> No, because I didn't modify it. I found a buffer overrun and exploited
> it (or I exploited BIND, or sendmail, etc...) and never modified anything.

---
	But let's say we configured init to set_luid(daemon).  All of
a sudden we see user 'daemon' starting a shell.  *red flag*.  In fact,
if you had an event deamon monitoring the audit log, I could see it
shutting down that process in under 1 second, for example.  
>         As long as the machine has not been compromised, I agree. But it
> should not give one a false sense of being more secure.
---
	No it's only designed to measure that a security breach occurred
and what the intruder did.  No *increase* of security -- that's why
it is called "auditing".  If you want a security increase, the wait
until the Labeled Security Protection Profile (LSPP) is applied to
a Linux target.  That would provide serious ammo to defending a system.
Adding MAC and least priviledge, file-based capabilities, and non
executable stack and you have something a bit more tedious to break
into.  Considering 'root' access may mean nothing and there may be
no user on the system that has all Capabilities.  Root can be configured
to only be able to access certain files, daemons could be configured
to only be able to access the files they are supposed to, etc.
Would really rain on a cracker's parade.  Probably the best they could
do would be to bring down the system (like the DoS attacks).  Annoying,
but not security defeating.
Imagine the credit card database so that neither root nor http could access
it except through a secured program that neither could write to, etc.
Great fun...
-l
-- 
Linda Walsh @ SGI                | Core Linux - Trust Technology 
1200 Crittenden Lane MS:30-3-802 | Voice: (650) 933-5338
Mountain View, CA 94043          | Email: law@sgi.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: yoann@mandrakesoft.com: "Re: Proposal "LUID""
• Previous message: Jan Harkes: "Re: Proposal "LUID": CAPP requirements"
• In reply to: Austin Schutz: "Re: Proposal "LUID""
• Next in thread: Austin Schutz: "Re: Proposal "LUID""
• Reply: Austin Schutz: "Re: Proposal "LUID""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:12 EST