OSEC

Kernel module for file protection ideas

From: Just1n T1mberlake (hotpacketshellokitty.com)
Date: Wed Jan 07 2004 - 19:06:34 CST


Hello Security Professionals,

I have been thinking of ideas to stop many file attacks on Unix systems.
When you find rootkits or other attack files on many Unix systems, they will often try to hide their tracks by using filenames such as '...' and '/tmp/.X11-unix' etc.
I wish to write a kernel module (for Linux initially) that will prevent such attacks. The kernel module in pseudo code:

module_file_create()
{
  if filename_in_list(badfiles) then
    error_cannot_create
  else
    call_real_file_create
}

where badfiles is a list of filenames such as
'...', '/tmp/.X11-unix' etc.

As you can see, it will be simple code which would be easy to check for bugs (format strings etc.).

I will also have a web site where people can submit other names which are bad so they can be incorporated into the next release. I will most probably do this in PHP.

I think this concept could be applied to Windows NT as well but I am not sure of the way to do kernel modules on that OS. Also I do not know if any other projects do a similar thing such as SourceForge.

Any thoughts/ideas?

just1n

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++) ULU++ P+ L++ E---- W+(-) N+++ o+ K+++ w---
O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++
G+++++ e++ h r-- y++**
------END GEEK CODE BLOCK------
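
The filename_in_list() check from the pseudocode above, as an added userspace C example (not code from the original post and not a kernel module). It assumes absolute paths, uses the two names from the post as a constructed list, and adds a hypothetical normalize() helper so that equivalent spellings of a listed path ("//", "/./", trailing "/") compare equal.

```c
#include <string.h>

/* Constructed list using the two names from the post. Entries containing
 * '/' are full paths; entries without one match the last path component. */
static const char *badfiles[] = { "...", "/tmp/.X11-unix" };

/* Hypothetical helper: lexically normalize an absolute path. Collapses "//",
 * drops "." components and a trailing "/". Does not resolve ".." or symlinks. */
static int normalize(const char *in, char *out, size_t outsz)
{
    size_t n = 0;

    if (in[0] != '/' || outsz < 2)
        return -1;
    for (;;) {
        in += strspn(in, "/");              /* skip repeated separators */
        size_t len = strcspn(in, "/");      /* length of next component */
        if (len == 0)
            break;
        if (len != 1 || in[0] != '.') {     /* drop "." components */
            if (n + len + 2 > outsz)        /* '/' + component + NUL */
                return -1;
            out[n++] = '/';
            memcpy(out + n, in, len);
            n += len;
        }
        in += len;
    }
    if (n == 0)
        out[n++] = '/';                     /* the root directory itself */
    out[n] = '\0';
    return 0;
}

/* Returns 1 if creation should be refused, 0 if allowed, -1 on bad input. */
int filename_in_list(const char *path)
{
    char norm[4096];

    if (normalize(path, norm, sizeof norm) != 0)
        return -1;
    const char *base = strrchr(norm, '/') + 1;
    for (size_t i = 0; i < sizeof badfiles / sizeof badfiles[0]; i++) {
        if (strcmp(strchr(badfiles[i], '/') ? norm : base, badfiles[i]) == 0)
            return 1;
    }
    return 0;
}
```

The comparison here is purely lexical; it does not see symlinks or ".." components, so a hook in the kernel would need to check the path after resolution.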