Vulnerability Development: Re: Kernel module for file protection ideas

From: Bruno Lustosa <bruno_at_lustosa.net>
Date: Thu, 8 Jan 2004 14:20:59 -0200

* Just1n T1mberlake <hotpackets_at_hellokitty.com> [08-01-2004 13:50]:
> I have been thinking of ideas to stop many file attacks on Unix systems.
> When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using filenames such as '...' and '/tmp/.X11-unix' etc.
> I wish to write a kernel module (for linux initially) that will prevent such attacks. The kernel module in pseudo code:

This would help against a few of them, but just until they start using
some name not in the bad names list.
For example, suckit uses something in /usr/share/locale. If it's tagged
as bad, one could just name it something else. Hiding a file isn't
really hard after all, at least if you are hiding from someone not
searching for it.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno_at_lustosa.net
Network Administrator/Web Programmer | ICQ UIN: 1406477
Rio de Janeiro - Brazil              |

Received on Jan 08 2004