Vulnerability Development mailing list archives
Re: Kernel module for file protection ideas
From: George Capehart <gwc () acm org>
Date: Thu, 8 Jan 2004 21:47:25 -0500
On Thursday 08 January 2004 11:20 am, Bruno Lustosa wrote:
> * Just1n T1mberlake <hotpackets () hellokitty com> [08-01-2004 13:50]:
> > I have been thinking of ideas to stop many file attacks on Unix systems. When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using filenames such as '...' and '/tmp/.X11-unix' etc. I wish to write a kernel module (for linux initially) that will prevent such attacks. The kernel module in pseudo code:
>
> This would help against a few of them, but just until they start using some name not in the bad names list. For example, suckit uses something in /usr/share/locale. If it's tagged as bad, one could just name it something else. Hiding a file isn't really hard after all, at least if you are hiding from someone not searching for it.

White lists are always better than blacklists. It's usually *much* easier to provide a list of acceptable options/values/whatever than it is to provide a list of the unacceptable ones. The number of elements in that set approaches infinity . . . ;-)

/g
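The white list versus bad-names list contrast discussed in this message, as an added example that is not code from any poster in the thread: a user-space check that compares a filename denylist with a baseline allowlist over the same directory tree. The directory layout, the file names under `usr/share/locale/xx` and all function names are constructed for illustration.

```python
import os
import tempfile

# Constructed denylist, modelled on the names quoted in the thread.
DENYLIST = {"...", ".X11-unix"}

def snapshot(root):
    """Return the relative path of every file and directory under root."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            found.add(os.path.relpath(os.path.join(dirpath, name), root))
    return found

def denylist_hits(root, bad_names=DENYLIST):
    """Flag entries whose final path component is a listed bad name."""
    return {p for p in snapshot(root) if os.path.basename(p) in bad_names}

def allowlist_violations(root, allowed):
    """Flag every entry that is absent from the approved baseline."""
    return snapshot(root) - set(allowed)

def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed "known good" tree; the baseline is taken while it is clean.
        os.makedirs(os.path.join(root, "usr/share/locale/en"))
        open(os.path.join(root, "usr/share/locale/en/messages.mo"), "w").close()
        baseline = snapshot(root)

        # Later changes: one entry uses a listed name, one uses an unlisted name.
        os.makedirs(os.path.join(root, "tmp", "..."))
        os.makedirs(os.path.join(root, "usr/share/locale/xx"))
        open(os.path.join(root, "usr/share/locale/xx/.cache"), "w").close()

        return denylist_hits(root), allowlist_violations(root, baseline)

if __name__ == "__main__":
    deny, allow = demo()
    print("denylist flagged: ", sorted(deny))
    print("allowlist flagged:", sorted(allow))
    print("missed by denylist:", sorted(allow - deny))
```

The denylist reports only the entry whose name it already knows, while the baseline comparison reports every new path regardless of what it is called.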