At 21:05 Uhr -0300 3.10.2001, Peter Cordes wrote:
Yep, you can load modules, and you can run mknod(2) to make your own
/dev/hda, among other things. These are blockable by removing capabilities,
though. (At least, the modules attack is.)
I think another one is creating a [k]mem device (haven't tried it).
Afaik, LIDS people had to introduce/implement a new capability to
block direct memory access, which implies that on a normal kernel you
can't prevent root from escaping chroot.
Obscurity is not useless. It is no good as your only defence, but combined
with solid security, obscurity makes an attackers job harder and more time
consuming. If nothing else, it may well give you more time to see stuff
going on in the logs before the attacker breaks into anything where they can
I guess it really depends on whether obscurity is used in a standard
install (-> exploits are spread), or only in one particular install
(that doesn't allow the use of some standard procedure).