Dailydave mailing list archives
Re: On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns
From: "Rodrigo Rubira Branco (BSDaemon)" <rodrigo () kernelhacking com>
Date: Tue, 15 May 2007 12:04:00 -0000
With an auto-learning system this behavior will be learned, but you can edit the generated rules and write what you want to write. Also, you have the 'rules pattern' as you have in SELinux. Auto-learning just makes it possible for everyone to protect systems. You are not thinking about big companies, with big old systems, with old administrators, trying to set up a 'secure' environment...

I really think it is better to permit sshd to write to /etc/shadow than to permit everything.

The question here is that you (and others who don't like auto-learning systems) are trying to convince yourself (and others) that the administrator must be skilled, or can't be an administrator. Are you pretty sure this is true in most situations?

Cya,

Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo
Kernel Hacking: If i really know, i can hack
GPG KeyID: 5E90CA19

--------- Original Message --------
From: Steve Grubb <sgrubb () redhat com>
To: dailydave () lists immunitysec com <dailydave () lists immunitysec com>, Rodrigo Rubira Branco BSDaemon <rodrigo () kernelhacking com>
Subject: Re: [Dailydave] On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns
Date: 15/05/07 10:44
On Monday 14 May 2007 15:18, Rodrigo Rubira Branco (BSDaemon) wrote:
> Again our discussion (good discussion, tks for your position!) about
> auto-learning ;)

Let me give you a concrete example. If you have your passwords set to expire and normally let people into the machine by sshd and you have pam linked in, you will need sshd to be able to write to /etc/shadow. I would presume that auto-learning systems would go ahead and grant that access.

The better solution is to create a minimalistic helper program that has just that capability and can only be run by the parent. It can be confined to just making the update and the parent which is network facing only able to exec that program. Auto learning systems cannot make architectural decisions like that.

-Steve
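An added example, not part of the thread or either poster's code: a small Python review of SELinux-style `allow` rules that contrasts the learned grant (sshd writing /etc/shadow) with the helper design described in the quoted message. Both rule sets are constructed samples, `pwupdate_t` and `pwupdate_exec_t` are hypothetical type names, and the parser assumes simple `allow` rules with no attributes or macros.

```python
import re

# Constructed sample: what a learning tool might emit after observing
# sshd + PAM update an expired password.
LEARNED = """
allow sshd_t shadow_t:file { read write getattr };
allow sshd_t sshd_key_t:file { read getattr };
"""

# Constructed sample of the helper design. pwupdate_t / pwupdate_exec_t
# are hypothetical names for the helper's domain and executable label.
HELPER = """
allow sshd_t pwupdate_exec_t:file { read getattr execute };
allow sshd_t pwupdate_t:process transition;
allow pwupdate_t shadow_t:file { read write getattr };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
# Permissions treated here as "can modify the file" (simplified set).
MODIFY = {"write", "append", "create", "unlink", "rename", "setattr"}

def parse(policy):
    """Yield (source, target, class, perms) for each simple allow rule."""
    for m in RULE.finditer(policy):
        perms = set((m.group(4) or m.group(5) or "").split())
        yield m.group(1), m.group(2), m.group(3), perms

def shadow_writers(policy, target="shadow_t"):
    """Domains that may modify files labelled with `target`."""
    return {s for s, t, c, p in parse(policy)
            if t == target and c == "file" and p & MODIFY}

def can_enter(policy, helper_domain):
    """Domains allowed to transition into the helper's domain."""
    return {s for s, t, c, p in parse(policy)
            if t == helper_domain and c == "process" and "transition" in p}

def review(policy, network_facing):
    """Network-facing domains holding direct modify access to shadow_t."""
    return sorted(shadow_writers(policy) & set(network_facing))

if __name__ == "__main__":
    for name, pol in (("learned", LEARNED), ("helper", HELPER)):
        print(name, "network-facing shadow writers:", review(pol, ["sshd_t"]))
    print("may run helper:", sorted(can_enter(HELPER, "pwupdate_t")))
```
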