Vulnerability Development mailing list archives
RE: Kernel module for file protection ideas
From: "Aditya [ Aditya Lalit Deshmukh ]" <aditya () online gateway technolabs net>
Date: Fri, 9 Jan 2004 11:28:50 +0530
this would be a very bad idea, as any kernel level programmer will tell you that every 'if' takes time for comparison, and you will be doing that every time for every file access, and parsing through a list of datastructs and other stuff that would possibly make the system very slow for any "real world" use.

my point of view $0.002...

- aditya

-----Original Message-----
From: Just1n T1mberlake [mailto:hotpackets () hellokitty com]
Sent: Thursday, January 08, 2004 6:37 AM
To: vuln-dev () securityfocus com
Subject: Kernel module for file protection ideas

Hello Security Professionals,

I have been thinking of ideas to stop many file attacks on Unix systems. When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using filenames such as '...' and '/tmp/.X11-unix' etc. I wish to write a kernel module (for linux initially) that will prevent such attacks.

The kernel module in pseudo code:

    module_file_create()
    {
        if filename_in_list(badfiles) then
            error_cannot_create
        else
            call_real_file_create
    }

where badfiles is a list of filenames such as '...', '/tmp/.X11-unix' etc.

As you can see it will be simple code which would be easy to check for bugs (format strings etc.).

I will also have a web site where people can submit other names which are bad so they can be incorporated into the next release. I will most probably do this in php.

I think this concept could be applied to Windows NT as well but I am not sure of the way to do kernel modules on that OS. Also I do not know if any other projects do a similar thing, such as on SourceForge.

Any thoughts/ideas?
just1n
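
The check from the pseudocode above, written as user-space C with a counter for the string comparisons each lookup performs, which is the per-access cost the reply raises. This is an added example, not code from the thread or from any kernel module. It assumes the list is kept sorted and searched with bsearch(); the "placeholder-*" entries and the sample paths are constructed, and the function names simply follow the pseudocode.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deny list, kept sorted in strcmp() order so bsearch() works.
 * The first two names are from the post; the rest are constructed
 * placeholders that only pad the list to a measurable size. */
static const char *const badfiles[] = {
    "...", "/tmp/.X11-unix",
    "placeholder-a", "placeholder-b", "placeholder-c",
    "placeholder-d", "placeholder-e", "placeholder-f",
};
#define NBAD (sizeof badfiles / sizeof badfiles[0])

unsigned long cmp_count; /* string comparisons performed so far */

static int cmp_name(const void *key, const void *elem)
{
    cmp_count++;
    return strcmp((const char *)key, *(const char *const *)elem);
}

static int in_list(const char *name)
{
    return bsearch(name, badfiles, NBAD, sizeof badfiles[0], cmp_name) != NULL;
}

/* 1 if the full path or its last component is on the list, else 0. */
int filename_in_list(const char *path)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    return in_list(path) || in_list(base);
}

/* Decision step of the pseudocode: -EPERM refuses the create,
 * 0 means the caller would go on to the real create. */
int module_file_create(const char *path)
{
    return filename_in_list(path) ? -EPERM : 0;
}

int main(void)
{
    const char *samples[] = { "/home/user/...", "/tmp/.X11-unix", "/var/tmp/notes.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        cmp_count = 0;
        int rc = module_file_create(samples[i]);
        printf("%-20s rc=%d comparisons=%lu\n", samples[i], rc, cmp_count);
    }
    return 0;
}
```

With a sorted list of n names, a path that is not listed costs two binary searches, so the comparison count grows with log2(n) rather than with n.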
Current thread:
- Kernel module for file protection ideas Just1n T1mberlake (Jan 08)
- Re: Kernel module for file protection ideas Larry W. Cashdollar (Jan 08)
- Re: Kernel module for file protection ideas Bruno Lustosa (Jan 08)
- Re: Kernel module for file protection ideas George Capehart (Jan 09)
- Re: Kernel module for file protection ideas Michael Hendrickx (Jan 09)
- RE: Kernel module for file protection ideas Aditya [ Aditya Lalit Deshmukh ] (Jan 09)
- Re: Kernel module for file protection ideas Valdis . Kletnieks (Jan 10)
- RE: Kernel module for file protection ideas Aditya [ Aditya Lalit Deshmukh ] (Jan 10)
- Re: Kernel module for file protection ideas Valdis . Kletnieks (Jan 10)
- Re: Kernel module for file protection ideas Vikram Rangnekar (Jan 12)