Bugtraq mailing list archives
Re: ANNOUNCE: Medusa DS9 security system
From: bednar () RAK ISTERNET SK (Juraj Bednar)
Date: Thu, 17 Feb 2000 14:53:15 +0100
Hello,
the fact that your program has both a userspace and a kernel-space component makes it almost immediately suspect as "vulnerable". kind of funny for me to get to reply to a "security tool" announcement with a notice-of-warning.
Send exploit, I'll be interested. I use medusa as a tester for production systems too. Okay, another point of view -- the communication with user-space daemon is very well protected. You can tell the kernel to halt if the constable daemon falls. But using medusa doesn't mean you have a secure server -- everything depends on configuration file.
has the source to the userspace module been audited yet? hopefully by someoen other than the authors?
I think, that it isn't. But I think, that's the reason authors numbered it 0.7.9 and posted here. I really trust this system, it's been under heavy development of very good people. But at least you have to protect kernel memory, communication device, constable daemon, etc. The funny way to do is to put all software, that has something to do with network into another virtual space. This makes network hack very hard (because having uid=0 by hacking remotely here means almost nothing).
that last part sounds like it might make, with a few mods, a great 3l33t h@x0r tool :) perhaps it might be most useful to someone good enough to
for hacker tools look for heroin or something like that, it's more usable. This is really a security system. Just try and then talk about it... When you talk, it is vulnerable, send exploit Juraj.
Current thread:
- Timbuktu Pro 2.0b650 DoS Laurent LEVIER (Feb 11)
- Re: Timbuktu Pro 2.0b650 DoS Dale Whitchurch (Feb 14)
- Re: Timbuktu Pro 2.0b650 DoS deepquest () NETSCAPE NET (Feb 18)
- ANNOUNCE: Medusa DS9 security system Milan WWW Pikula (Feb 15)
- Re: ANNOUNCE: Medusa DS9 security system elijah wright (Feb 15)
- Re: ANNOUNCE: Medusa DS9 security system Juraj Bednar (Feb 17)
- Re: ANNOUNCE: Medusa DS9 security system elijah wright (Feb 15)
- New Tool for DDoS Defense Simple Nomad (Feb 15)
- Re: New Tool for DDoS Defense David Brumley (Feb 17)
- Re: Timbuktu Pro 2.0b650 DoS Dale Whitchurch (Feb 14)