mailing list archives
Re: detecting sniffers is downright easy
From: proff () suburbia apana org au (Julian Assange)
Date: Mon, 15 May 1995 13:16:58 +1000 (EST)
It would be nice to have the kernel MD5 programs just before
it executes them, and refuse to execute them them if that MD5 checksum
isn't on the 'approved' list. Put the code in the middle of the
'exec()' code, after loading and before running.
Thats an interesting idea. However one that I suspect would be very expensive,
given such factors as shared memory, dynamicly paged libraries and executables.
One might be better off in removing the /dev/kmem write fuctions from the kernel
and adding an "unmutable" bit (such as supported by 4.4 BSD) to the inode entry,
which can only be set in single user mode and modifying exec() to only allow
execution of unmutable files. You would also need to remove user access to the
/dev block devices which map the file-space in question.