SNARE and Ptrace?

From: Robert L. Harris (Robert.L.Harris@rdlg.net)
Date: Mon Mar 24 2003 - 17:20:27 EST


Has anyone tested to see if "Snare" from intersectalliance.com can
detect someone executing a ptrace attack? An old company I used to work
for has a number of production kernels out and can't just upgrade them
all overnight so they need a good detection method and short-term fix
if possible. In the past we had evaluated Snare which I pointed him to
but we're not sure if/how it might detect such an attack.

Thoughts/Theories?
  Robert

:wq!
---------------------------------------------------------------------------
Robert L. Harris | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE. I speak for no-one else.

Diagnosis: witzelsucht

IPv6 = robert@ipv6.rdlg.net http://ipv6.rdlg.net
IPv4 = robert@mail.rdlg.net http://www.rdlg.net


