On Sun, Jun 17, 2001 at 07:55:40PM -0800, Ethan Benson wrote: > > a bit. lids makes system adminsitration utterly impossible. unless > you leave enough holes open which an attacker can use to bypass it > all. well nearly... at least you can prevent new or unknown process/files from acessing stuff. If there is an exploit for an existing piece of software you are back at square one.
The advantage is extremely granular control: a program at a specific inode can be given capabilities while everything else has them refused. the disadvantage is that you end up with a million little holes (complexity) fortunately the files that have these added capabilities are also protected (from trojaning - buffer overruns etc still work) > > the thing is once you make exceptions for the system adminsistrator to > use to maintain the you open the holes the attacker needs to trojan > your system and to remove the additional obsticales you installed. yes it is possible with lids, but it is a _lot_ harder: processes can be hidden. binaries RO (trojaning is difficult) logs append /etc/somefile can only be read when you allow it. > > system adminsitrator == root > cracker == root > cracker==root sysadmin==root+LIDS_password if someone can sniff me typing in my lids password (encrypted in the kernel) then I am stuffed. In short Lids can be a pain to set up, but would also be a pain to crack, especially if the cracker doesn't know exactly which rules I have set up. a good cracker could do it. btw I notice that they are still working on fork bomb protection. that would be nice :) --