Re: own kernel vs debian kernel (was: ptrace exploit)
On Thu, Apr 17, 2003 at 03:05:13AM +0200, Filippo Carone wrote:
> What you say here may lead to confusion. A monolithic kernel doesn't
> give you added security toward a modular kernel. To make the kernel a
> little bit more secure I'd use grsecurity (i.e. to prevent code injection,
> syscall hijacking and so on).
I beg to differ. An ex-hacker friend of mine said his favorite
root kit was a module that once installed made itself invisible. I want
to at the very least force them to reboot or use a more standard
application-based root kit. Yes, this is only something that happens after the
hack. I consider it one of those ideas like keeping your hands on
the wheel after the initial impact. Anything that raises your chance
at detecting a successful attack on your machines is worthwhile.
I have no loss in capability because I only select those kernel
items I actually need. Most of my server kernels are not quite
boot floppy size, but they are not particularly large either.
And btw, I use grsec in those monolithic kernels, among other
patches.
I may relax this rule at such time as I am using SELinux,
but certainly not before.
--
------------------------------------------------------
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
------------------------------------------------------
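
The policy described in this message, a kernel built with no loadable-module support, can be checked against the kernel's `.config` before deployment. The script below is an added example, not part of the original post; `audit_kconfig` is a hypothetical helper name and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config against a "no loadable modules" policy.
# audit_kconfig is a hypothetical helper, not part of any kernel tooling.
audit_kconfig() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "ERROR cannot read config"
        return 2
    fi
    # Count options that would be built as loadable modules (tristate "m").
    as_module=$(grep -c '^CONFIG_[A-Za-z0-9_]*=m$' "$cfg" || true)
    # CONFIG_MODULES=y means the module loader itself is compiled in.
    if grep -q '^CONFIG_MODULES=y$' "$cfg"; then
        echo "FAIL module loader compiled in, $as_module option(s) built as modules"
        return 1
    fi
    if [ "$as_module" -gt 0 ]; then
        # Loader is off but "=m" lines remain: the file is inconsistent and
        # should be regenerated before it is trusted as a record of the build.
        echo "WARN loader off but $as_module option(s) still set to m"
        return 1
    fi
    echo "PASS no module loader, everything built in"
    return 0
}

# Constructed sample configs (not taken from any real machine).
demo_dir=$(mktemp -d)
cat > "$demo_dir/modular.config" <<'EOF'
CONFIG_MODULES=y
CONFIG_EXT3_FS=m
CONFIG_E100=m
CONFIG_NET=y
EOF
cat > "$demo_dir/monolithic.config" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_EXT3_FS=y
CONFIG_E100=y
CONFIG_NET=y
EOF
for f in "$demo_dir"/*.config; do
    printf '%s: ' "$(basename "$f")"
    audit_kconfig "$f" || true
done
```

On a running system built this way, `/proc/modules` is absent, which gives a quick cross-check that the booted kernel matches the audited config.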