Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Kernel module for file protection ideas

From: "Aditya [ Aditya Lalit Deshmukh ]" <aditya () online gateway technolabs net>
Date: Fri, 9 Jan 2004 11:28:50 +0530
this would be a very bad idea as any kernel level programmer will tell you that every 'if' takes time for comparison 
and you will be doing that every time for evry file access and parsing through a list of datastructs and other stuff 
that would possibally will make the system very slow for any "real world"  use

my point of view $0.002... 

- aditya 



-----Original Message-----
From: Just1n T1mberlake [mailto:hotpackets () hellokitty com]
Sent: Thursday, January 08, 2004 6:37 AM
To: vuln-dev () securityfocus com
Subject: Kernel module for file protection ideas


Hello Security Professionals,

I have been thinking of ideas to stop many file attacks on Unix systems. 
When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using 
filenames such as '...' and '/tmp/.X11-unix' etc.
I wish to write a kernel module (for linux initially) that will prevent such attacks. The kernel module in pseudo code:

module_file_create()
{
  if filename_in_list(badfiles) then
    error_cannot_create
  else
    call_real_file_create
}

where badfiles is a list of filenames such as
'...', '/tmp/.X11-unix' etc.

As you can see it will be simple code which would be easy to check for bugs (format strings etc)

I will also have a web site where people can submit other names which are bad so they can be incorporated into the next 
release. I will most probably do this in php.

I think this concept could be applied to Windows NT as well but I am not sure of the way to do kernel modules on that 
OS. Also I do not know if any other projects do a similar thing such as SourceForge.

Any thoughts/ideas?

just1n

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N+++ o+ K+++ w---
O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++
G+++++ e++ h r-- y++**
------END GEEK CODE BLOCK------
-- 
____________________________________________________
Get your own Hello Kitty email @ www.sanriotown.com

Powered by Outblaze


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
Previous By Date Next
Previous By Thread Next

Current thread: