Vulnerability Development mailing list archives
Re: Core Dump as an Intrusion Event
From: antirez <antirez () linuxcare com>
Date: Tue, 10 Oct 2000 02:48:42 +0200
On Sun, Oct 08, 2000 at 10:41:05PM +0300, Jarno Huuskonen wrote:
> What about adding some code so it can be controlled thru the proc filesystem? Like enabling/disabling logging, log only certain programs etc. (echo 1 > /proc/sys/kernel/core-logging) Does this sound feasible/sensible?
Attached are a patch and a module that implement /proc/sigsegv (FreeBSD sigsegv log style). See the README for usage. It's for linux 2.2.16 (likely 2.2.17).

About a secure way to enable/disable the patch: using some kind of global state variable, like log_sigsegv = [01], it is anyway trivial to break. You may implement a lot of security checking in the module that gets the on/off command, but it's too simple to get the address of the symbol and change the value via /dev/kmem or just to compile a module that skips our silly checks. So use -DLOGSIGSEGV_PARANOID to obtain a hardcoded static logging.

The patch is SMP-safe, since printk() should be safe.

antirez

p.s. linux kernel skilled guys in the list may suggest enhancements or fixes.

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
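One way to turn a SIGSEGV log into a detection signal, as an added example that is not part of the original post or the attached patch: it flags a program that crashes repeatedly within a short window. It assumes the "segfault at" line format printed by current x86 Linux kernels (the patch's own /proc/sigsegv format is not shown on this page); the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed format: the "segfault at" line of current x86 Linux kernels,
# not the output of the 2.2.16 patch discussed in the message.
SEGV_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>.+?)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+)"
)

# Constructed sample input (dmesg style, timestamps in seconds since boot).
SAMPLE_LOG = """\
[  100.000001] cron[411]: segfault at 0 ip 0000000000401a2c sp 00007ffd1c2b3a10 error 4 in cron[400000+9000]
[  512.120000] ftpd[2001]: segfault at 7f10 ip 00007f3a1b2c4d5e sp 00007ffe0a0b0c10 error 6 in libc.so.6[7f3a1b200000+178000]
[  512.900000] eth0: link up
[  513.480000] ftpd[2004]: segfault at 7f18 ip 00007f3a1b2c4d5e sp 00007ffe0a0b0c10 error 6 in libc.so.6[7f3a1b200000+178000]
[  515.020000] ftpd[2009]: segfault at 7f20 ip 00007f3a1b2c4d5e sp 00007ffe0a0b0c10 error 6 in libc.so.6[7f3a1b200000+178000]
[  900.000000] ftpd[2100]: segfault at 10 ip 0000000000402000 sp 00007ffe0a0b0c10 error 4 in ftpd[400000+20000]
"""

def parse_segfaults(text):
    """Extract segfault events from kernel log text; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = SEGV_RE.match(line)
        if m:
            events.append({"ts": float(m["ts"]), "comm": m["comm"],
                           "pid": int(m["pid"]), "ip": m["ip"]})
    return events

def crash_bursts(events, threshold=3, window=60.0):
    """Alert when one program crashes `threshold` times within `window` seconds."""
    recent = defaultdict(deque)   # per-program sliding window of crashes
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["comm"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:   # drop crashes outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "comm": ev["comm"], "count": len(q),
                "pids": [e["pid"] for e in q],
                # identical faulting instruction across crashes: same bug hit each time
                "same_ip": len({e["ip"] for e in q}) == 1,
            })
            q.clear()   # start a fresh window after alerting
    return alerts
```

A single crash (the cron line, or the isolated ftpd crash at 900 s) produces no alert; only the three ftpd crashes within three seconds do.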