
Re: own kernel vs debian kernel (was: ptrace exploit)



On Thu, Apr 17, 2003 at 03:05:13AM +0200, Filippo Carone wrote:
>  What you say here may lead to confusion. A monolithic kernel doesn't
> give you added security toward a modular kernel. To make the kernel a
> little bit more secure I'd use grsecurity (i.e. to prevent code injection,
> syscall hijacking and so on).

I beg to differ. An ex-hacker friend of mine said his favorite
root kit was a module that once installed made itself invisible. I want
to at the very least force them to reboot or use a more standard
application-based root kit. Yes, this is only something that happens after the
hack. I consider it one of those ideas like keeping your hands on
the wheel after the initial impact. Anything that raises your chance
at detecting a successful attack on your machines is worthwhile.

I have no loss in capability because I only select those kernel
items I actually need. Most of my server kernels are not quite
boot floppy size, but they are not particularly large either.

And btw, I use grsec in those monolithic kernels, among other
patches.

I may relax this rule at such time as I am using SELinux,
but certainly not before.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------
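
One way to check that a server kernel was actually built without loadable-module support, as the message above describes. This is an added example, not part of the original message; the function name `audit_kernel_config` and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a kernel build config for loadable-module support.
# Prints "monolithic", or "modular modules=<number of =m options>".
# Returns 0 for monolithic, 1 for modular, 2 if the file is unreadable.
audit_kernel_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # CONFIG_MODULES=y means the kernel accepts modules at run time,
    # which is the path a module-based root kit needs.
    if grep -q '^CONFIG_MODULES=y' "$cfg"; then
        # Options built as modules are marked "=m"; grep -c exits
        # non-zero on a zero count, so neutralise that status.
        count=$(grep -c '^CONFIG_[A-Za-z0-9_]*=m$' "$cfg" || true)
        echo "modular modules=$count"
        return 1
    fi
    echo "monolithic"
    return 0
}

# Constructed sample configs (not taken from any real machine).
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_KMOD=y' \
    'CONFIG_EXT3_FS=m' 'CONFIG_E100=m' > "$tmp/modular"
printf '%s\n' '# CONFIG_MODULES is not set' \
    'CONFIG_EXT3_FS=y' 'CONFIG_E100=y' > "$tmp/mono"

audit_kernel_config "$tmp/modular" || true
audit_kernel_config "$tmp/mono"
```

Point the function at the config the kernel was built from (for example the `.config` in the build tree) and treat a non-zero return as a deviation from the no-modules policy.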


