RE: Future Linux devel. Kernels

From: Igmar Palsenberg (
Date: Mon May 08 2000 - 07:37:31 EST

> > It doesn't work.
> It works beautifully. As long as intruder does not know where exactly
> traps are placed he can not avoid traps. Will it work as long time defence
> against scilled cracker SPECIALLY directed against you ? Probably not.
> Will it stop most crackers ? For sure. As long as traps are NOT common and
> thus not known to majority of crackers!

Traps are common, as long as the intruder knows what he is looking for. A
very better idea is to secure programs, and avoid programs running as

BSDI also has a mode like this, the kernel secure levels. Basically means
that some operations are disabled, and the only was to switch the level is
from init 1 :-))

The 'main' risk if someone gets in that he replaces system bins.. So the
only way to detect this is a proper logging system, that cannot be
modified without someone noticing.

> > The main 'problem' is that someone that has root is god.
> For now (till "Trusted Linux" not invented).
> > The only was to make sure we nail the guy is to make sure we can
> > trace what he did.
> >
> Exactly.
> > If the guy (girl) really know what he is doing he is able to wipe his
> > traces..
> >
> Hah. ONLY if he (she) will feel NEED to track "that style traces as well".
> See above.

Not wiping your traces degrades someone to script kiddie. And I hate

> > Nothing is safe agains an editor and someone who has root and know about
> > /dev/kmem
> >
> Again: if /dev/kmem is readable on system :-)

It is as root.. And it it is not as root, what's the use of /dev/kmem ?

> > Keeping the guy outside is a better start to focus on.
> >
> For sure.
> > > Compiler tools can be easily transferred and even magic number can be moved
> > > to aleady cracked host (it can be easier). The only bullet-proof way here is
> > > PGP-like signatures and I doubt we want THAT in kernel.
> >
> > Ah well... At least I then have some time to get some coffee during a ls
> > :-)
> >
> :-))



To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST