Vulnerability Development mailing list archives

Re: Kernel module for file protection ideas


From: Bruno Lustosa <bruno () lustosa net>
Date: Thu, 8 Jan 2004 14:20:59 -0200

* Just1n T1mberlake <hotpackets () hellokitty com> [08-01-2004 13:50]:
> I have been thinking of ideas to stop many file attacks on Unix systems.
> When you find rootkits or other attack files on many Unix systems they
> will often try to hide their tracks by using filenames such as '...' and
> '/tmp/.X11-unix' etc.
> I wish to write a kernel module (for Linux initially) that will prevent
> such attacks. The kernel module in pseudo code:

This would help against a few of them, but just until they start using
some name not in the bad names list.
For example, suckit uses something in /usr/share/locale. If it's tagged
as bad, one could just name it something else. Hiding a file isn't
really hard after all, at least if you are hiding from someone not
searching for it.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno () lustosa net
Network Administrator/Web Programmer | ICQ UIN: 1406477
Rio de Janeiro - Brazil              |
