Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: History Files

From: crispin () WIREX COM (Crispin Cowan)
Date: Sun, 16 Apr 2000 00:56:33 +0000

Dragos Ruiu wrote:


IMHO the process accounting or piping everyone through some sort of logging
ptys would be the only feasible ways to pseudo-reliably do this. Bash_history
is a good aid, but likely a poor primary security mechanism.


I completely agree; that was more or less the point I was making.  If the user has a shell to
start with, then they can do controlled exec's, and the shell logging game is over.

Of course, in the last half hour about 12 other people have also made this point, so it's not
so interesting any more :-)  "Process accounting" sounds promising, but I'm not that familiar
with Linux's accounting capabilities.  For more secure logging, people might want to check out
this project to add BSM logging to linux  http://soledad.cs.ucdavis.edu/ .  There's also an
enhanced audit project here  http://www.postech.ac.kr/~jong/WEB/files.html

I'm not that up on these things, as my research  http://immunix.org/ is aimed at preventing
the attacer from ever getting to run code on my machine, while still providing a rich set of
services.  IMHO, it is spectacularly difficult to provide effective security partitioning on a
multi-user machines (it can be done, but it's hard, and it makes the machine inconvenient to
use).  Since PCs are so cheap, just give each user their own machine, rather than giving them
a server login account.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
                  JOBS!  http://immunix.org/jobs.html
Previous By Date Next
Previous By Thread Next

Current thread: