From: Curt Wilson (curtw siu.edu)
Date: Fri Sep 05 2008 - 11:27:45 CDT
Valdis.Kletnieks vt.edu wrote:
> On Fri, 05 Sep 2008 01:45:33 +0430, Mohammad Hosein said:
>
>> I'm probably 2-3 days far from examining this myself, but if anyone out
>> there has ideas on how this whole debug register hooks and stuff would
>> react on "hardened" kind of kernels (like the one Gentoo offers) let us
>
> You'd probably need to examine each "hardened" kernel to see if their particular
> mix of hardening features includes anything to stop this particular rootkit.
> If the particular kernel doesn't address it, the rootkit won't care. There's
> too many different "hardened" kernels out there, with varying degrees of
> hardening and sanity of security posture, across the entire spectrum of
> "not really hardened" to "misguided cargo-cult hardening" to "truly bulletproof"
> that making a generic judgment is pointless.
>
> And note that even the "truly bulletproof" ones will probably yield when
> faced with a sufficiently high caliber artillery shell... ;)

What about SELinux? I don't currently have the time & resources to test
this.
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave