Re: Future Linux devel. Kernels

From: yoann@mandrakesoft.com
Date: Sun May 07 2000 - 18:38:13 EST


Khimenko Victor <khim@dell.sch57.msk.ru> writes:

> On Mon, 8 May 2000, Igmar Palsenberg wrote:
>
> >
> > > > Well my thought was if you are running syslog on another box you would have
> > > > somewhat of a tamperproof
> > > > system. For instance an intruder compromises root. loads a kernel module to
> > > > hide his/her activities. If modules are logged there's one more piece of
> > > > evidence that the system has been compromised. Right now (under 2.2 kernels)
> > > > I do not see any logs when I load (or remove) modules.
> > >
> > > It was discussed zillion times already. It was just called "non-executable
> > > stack". "One more layer of toilet paper" (instead of reliable lock) is NOT
> > > acceptable in mainstream kernel. It's security via obscurity. It WORKS.
> > > Really. But ONLY as long as it's not in mainstream kernel. Once such feature
> > > is in mainstream kernel it's in VERY short time added to "automagic cracker
> > > toolset" and then we have only bloat in kernel and no additional security
> > > at all. So implement it as local patch if you wish -- it'll help you more
> > > this way.
> >
> > It doesn't work.
>
> It works beautifully. As long as intruder does not know where exactly
> traps are placed he can not avoid traps. Will it work as long time defence
> against skilled cracker SPECIALLY directed against you ? Probably not.
> Will it stop most crackers ? For sure. As long as traps are NOT common and
> thus not known to majority of crackers!
>

It does not work.
Please read the 'Proposal LUID' and 'Security in general (was Re: Proposal "LUID")'
threads, where this was highly discussed.

-- 
		-- Yoann http://www.mandrakesoft.com/~yoann/
 It is well known that M$ product don't make a free() after a malloc(),
the unix community wish them good luck for their future development.
