
RE: Secure 2.4.x kernel



Very interesting.  Thanks.

-----Original Message-----
From: Andres Salomon [mailto:dilinger@mp3revolution.net]
Sent: Friday, December 21, 2001 1:33 PM
To: debian-security@lists.debian.org
Subject: Re: Secure 2.4.x kernel


Take a look at the St. Jude kernel module/model paper on sourceforge.  I
haven't gotten the module to do anything other than hang the box (under
2.4), but the paper itself is interesting, and along the lines of what
you want.  Essentially, privileged processes have certain syscalls
watched (sys_exec(), for example).  When one of these syscalls is run,
St. Jude checks its list of what the process is allowed to exec, and
blocks the syscall if you can't.  The list of syscall arguments is
created by running the module in "learn" mode, where it allows all
syscalls.

http://sourceforge.net/projects/stjude



On Fri, Dec 21, 2001 at 12:35:27PM -0500, Gary MacDougall wrote:
>
> Interesting.
>
> Has someone done some work on this?
> I mean, let's face it, you're running a bunch of
> servers and they have boatloads of daemons.  Why
> they'll need to fork/exec a shell is really a good
> question -- in my mind, they don't.  I could be wrong.
>
> Why not simply build this ability into the kernel?
> Could be an option at menuconfig time...
>
> Gary
>
> -----Original Message-----
> From: Kelly Martin [mailto:kellym@fb00.fb.org]
> Sent: Friday, December 21, 2001 12:24 PM
> To: 'Robert Clay'; debian-security@lists.debian.org
> Subject: RE: Secure 2.4.x kernel
>
>
> As far as I know, Linux does not support doing that.  So the way you do it
> is modify your kernel to make fork and exec revokable syscalls, write a
> syscall allowing a process to request revocation of unneeded syscalls, and
> add that call to your daemon.
>
> Kelly
>
> > -----Original Message-----
> > From:	Robert Clay [SMTP:JClay@techteam.com]
> > Sent:	Friday, December 21, 2001 11:17 AM
> > To:	debian-security@lists.debian.org
> > Subject:	RE: Secure 2.4.x kernel
> >
> > And how would one do that?
> >
> > >>> Kelly Martin <kellym@fb00.fb.org> 12/21/01 12:09PM >>>
> > ...Taking away the fork and exec syscalls from a daemon which does not
> > need to do either would be a good start.
> >
> >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> >
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.310 / Virus Database: 171 - Release Date: 12/19/2001
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.310 / Virus Database: 171 - Release Date: 12/19/2001

--
"I think a lot of the basis of the open source movement comes from
  procrastinating students..."
	-- Andrew Tridgell <http://www.linux-mag.com/2001-07/tridgell_04.html>
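
The learn/enforce exec allowlist described in the message above, as an added example that is not part of the original thread and is not St. Jude code. It is a user-space model only: the class and function names are hypothetical, "privileged" is assumed to mean uid 0, and both traces are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events: (uid, calling program, program passed to exec)
LEARN_TRACE = [
    (0, "/usr/sbin/inetd", "/usr/sbin/in.ftpd"),
    (0, "/usr/sbin/inetd", "/usr/sbin/in.telnetd"),
    (0, "/usr/sbin/cron", "/bin/sh"),
    (1000, "/bin/bash", "/bin/ls"),               # unprivileged: not watched
]
LIVE_TRACE = [
    (0, "/usr/sbin/inetd", "/usr/sbin/in.ftpd"),  # seen while learning
    (0, "/usr/sbin/inetd", "/bin/sh"),            # daemon spawning a shell
    (0, "/usr/sbin/named", "/bin/sh"),            # caller never profiled
    (1000, "/bin/bash", "/bin/sh"),               # unprivileged: not watched
    (0, "/usr/sbin/cron", "/usr/bin/updatedb"),   # legitimate but unlearned
]


class ExecMonitor:
    """Hypothetical model: per-caller allowlist of exec targets."""

    def __init__(self):
        self.learning = True
        self.allowed = defaultdict(set)  # caller -> exec targets seen

    @staticmethod
    def watched(uid):
        # Assumption: only uid 0 processes are treated as privileged.
        return uid == 0

    def on_exec(self, uid, caller, target):
        """Return True if the exec proceeds, False if it is blocked."""
        if not self.watched(uid):
            return True
        if self.learning:
            # Learn mode allows everything and records what it saw.
            self.allowed[caller].add(target)
            return True
        # Enforce mode: anything not recorded for this caller is denied.
        return target in self.allowed.get(caller, ())


def replay(monitor, trace):
    return [monitor.on_exec(*event) for event in trace]


def run_demo():
    mon = ExecMonitor()
    replay(mon, LEARN_TRACE)
    mon.learning = False
    return replay(mon, LIVE_TRACE)


if __name__ == "__main__":
    for event, ok in zip(LIVE_TRACE, run_demo()):
        print("allow" if ok else "BLOCK", event)
```

The last live event shows the cost of this design: a legitimate exec that never occurred during the learn run is blocked just like the unexpected shell, so the allowlist is only as good as the learning period's coverage.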

