Re: Kernel module for file protection ideas

From: Bruno Lustosa (brunolustosa.net)
Date: Thu Jan 08 2004 - 10:20:59 CST


* Just1n T1mberlake <hotpacketshellokitty.com> [08-01-2004 13:50]:
> I have been thinking of ideas to stop many file attacks on Unix systems.
> When you find rootkits or other attack files on many Unix systems they will often try to hide their tracks by using filenames such as '...' and '/tmp/.X11-unix' etc.
> I wish to write a kernel module (for Linux initially) that will prevent such attacks. The kernel module in pseudo code:

This would help against a few of them, but just until they start using
some name not in the bad names list.
For example, suckit uses something in /usr/share/locale. If it's tagged
as bad, one could just name it something else. Hiding a file isn't
really hard after all, at least if you are hiding from someone not
searching for it.

--
Bruno Lustosa, aka Lofofora | Email: brunolustosa.net
Network Administrator/Web Programmer | ICQ UIN: 1406477
Rio de Janeiro - Brazil |
