RE: Future Linux devel. Kernels

From: Igmar Palsenberg (maillist@chello.nl)
Date: Sun May 07 2000 - 17:32:18 EST


> > Well my thought was if you are running syslog on another box you would have
> > somewhat of a tamperproof
> > system. For instance an intruder compromises root, loads a kernel module to
> > hide his/her activities. If modules are logged there's one more piece of
> > evidence that the system has been compromised. Right now (under 2.2 kernels)
> > I do not see any logs when I load (or remove) modules.
>
> It was discussed a zillion times already. It was just called "non-executable
> stack". "One more layer of toilet paper" (instead of a reliable lock) is NOT
> acceptable in the mainstream kernel. It's security via obscurity. It WORKS.
> Really. But ONLY as long as it's not in the mainstream kernel. Once such a feature
> is in the mainstream kernel it's in a VERY short time added to the "automagic cracker
> toolset" and then we have only bloat in the kernel and no additional security
> at all. So implement it as a local patch if you wish -- it'll help you more
> this way.

It doesn't work. The main 'problem' is that someone who has root is
god. The only way to make sure we nail the guy is to make sure we can
trace what he did.

If the guy (girl) really knows what he is doing he is able to wipe his
traces..

> > I'm thinking about including a unique ID in the kernel that is generated
> > during compile time. All modules that are built must reference this ID. If I
> > transfer a kernel module binary from a different system it would be refused.
> > In order for me to build a new kernel module, I would have to build that
> > module under my kernel. If the system doesn't have compiler tools, new
> > modules can't be easily installed.

Nothing is safe against an editor and someone who has root and knows about
/dev/kmem

Keeping the guy outside is a better start to focus on.

> Compiler tools can be easily transferred and even the magic number can be moved
> to an already cracked host (it can be easier). The only bullet-proof way here is
> PGP-like signatures and I doubt we want THAT in the kernel.

Ah well... At least I then have some time to get some coffee during an ls
:-)

                Igmar


This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:21 EST