Re: Security patches

On Thu, 18 Dec 2003, martin f krafft wrote:
> I would be very interested, Russel, to hear your opinion about the
> claim that the LSM hooks are dangerous in terms of root kit
> exploits. Do you agree? If not, then please tell us what LSM
> precautions take care to prevent that.

Given the patch-the-kernel-directly exploits, and the module-based-exploits
right now that work without even touching the LSM hooks, this question
always looked quite misplaced to me every time I heard it...

Now, what I would like to have is a kernel that loads in all executable
pages it might need, and locks itself out from ever loading or writing over
any other executable pages [that would run in kernel context] again.  This
needs hardware support, of course, which I don't know if any of the commonly
used architectures have...

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
