Dailydave mailing list archives

Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work?


From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Thu, 1 Mar 2007 19:12:41 -0000

Hello Steve, tks for your reply!

Any kernel exploit that allows writing to arbitrary kernel memory can
potentially defeat any kernel protection mechanism.

Sure, but I don't like any in the keyword... when you have pax + stmichael
you don't just need arbitrary kernel writing but also multiple writes and
lots of things to discover...

We got eal4+ without SE Linux as part of the eval.

Yeah, it depends on the TE of the certification, the new level and TE is
really dependent on selinux... in any way I have said about eal4+ just
because I saw it in this link
http://www.internetnews.com/security/article.php/3551616

> using the LSM framework... its more bugged than great (who don't
agree with me??).

I don't agree with you. I don't have any bug report in our bugzilla that
is traced to the kernel implementation.

It's a design error, not necessarily implementation one... because that we
see lots of discussion regarding how to remove it ;) I don't like so many
exported hooks in my kernel... in any way I wanna know your opinion about
another point that is learning-mode systems... I have a discussion about
that with Joshua in the past, but no conclusions...


cya,


Rodrigo (BSDaemon).




--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 5E90CA19
