Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]



On Wed, Apr 02, 2003 at 09:46:52AM +0200, Dariush Pietrzak wrote:
> > of proportion... Some things in security _have_ to be obscure. Your
> > password, for example. Or the primes used to generate your PGP private
>  There's a difference between 'obscure' and 'secret'.

In this context, I'd suggest that the difference is that things that
need to be obscured _might_ be security risks, or are high-effort
risks (your password-protected GPG secret key), and things that need
to be kept secret are the low-effort risks, or things that are known
to open up the security (your GPG secret key passphrase).

> All you gain by removing kernel-loading capability from your kernel is to
> force the cracker to search memory to find entry points.
>  That's like hiding the key to your door under your doormat.

No, the key's the same. It's the lock that's been moved. Or rather,
removed... Now the key must be inserted into the keyhole in such a way
as to drop the tumblers. Sure, someone experienced enough could do it
easily, but the guy who just wanders past and decides to look under your
mat will get discouraged....

Not that I'm suggesting that the earlier poster's security setup (you
have to _be_ root to make this work anyway) is a doormat level of
security... But the metaphor needed stretching. :-)

> 
> > Security-by-obscurity refers to securing things by relying on the
> > obscurity of the _processes and functionality_ behind the security system,
>  that fits this description. 

No it doesn't. In this case, that would be hiding the Linux source code
so that there was no reference to _find out_ how to load a module
without modutils.

Besides, security through obscurity isn't all it's cracked down to
be... Ask distributed.net how well their keyblock uploading code works,
security wise...

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
6th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------