Kernel module for file protection ideas

["Just1n T1mberlake" <hotpackets () hellokitty com>]

Hello Security Professionals,

I have been thinking of ideas to stop many file attacks on Unix systems. 
When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using 
filenames such as '...' and '/tmp/.X11-unix' etc.
I wish to write a kernel module (for linux initially) that will prevent such attacks. The kernel module in pseudo code:

module_file_create()
{
  if filename_in_list(badfiles) then
    error_cannot_create
  else
    call_real_file_create
}

where badfiles is a list of filenames such as
'...', '/tmp/.X11-unix' etc.

As you can see it will be simple code which would be easy to check for bugs (format strings etc)

I will also have a web site where people can submit other names which are bad so they can be incorporated into the next 
release. I will most probably do this in php.

I think this concept could be applied to Windows NT as well but I am not sure of the way to do kernel modules on that 
OS. Also I do not know if any other projects do a similar thing such as SourceForge.

Any thoughts/ideas?

just1n

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N+++ o+ K+++ w---
O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++
G+++++ e++ h r-- y++**
------END GEEK CODE BLOCK------
-- 
____________________________________________________
Get your own Hello Kitty email @ www.sanriotown.com

Powered by Outblaze