On Mon, Jan 07, 2002 at 02:14:25PM -0000, Pybus, David wrote:
> Agreed, removing editors is a waste of time and just makes it difficult
> to admin the system. For example given shell access, the command cat and
> the re-direction operator '>' it is easy to edit a file.

<...snip editing example...>

Agreed. Has grsecurity.net, openwall or anyone else produced a kernel-patch
which only allows signed executables to run? Along the lines of:

[For a server.]

* Decrypt a cert. on boot (from keyboard, network, special hardware, ...)
* Use a kernel provided ld.so and disallow user processes to map
  something as exec:able (Sadly stopping all jvms, wine, uml, xfree, ..)
* And verify all programs against cert. on load.

The idea being to stop the attacker from installing any elf-executables
on the server. (Module support disabled of course.)

I haven't looked at many rootkits so this might be a silly idea. (?)

--
//Bj�rnen.
[EMAIL PROTECTED] | [EMAIL PROTECTED] | [EMAIL PROTECTED]
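
A user-space sketch of the load-time check proposed in the message above, as an added example that is not part of the original post or of any kernel patch. An HMAC-protected allowlist of SHA-256 digests stands in for the certificate, and the key, file names and ELF bytes are constructed for the demonstration.

```python
import hashlib, hmac, os, tempfile

ELF_MAGIC = b"\x7fELF"

def sign_manifest(key, digests):
    """Admin side: MAC the sorted list of approved SHA-256 digests."""
    body = "\n".join(sorted(digests)).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def load_manifest(key, body, tag):
    """Boot side: accept the allowlist only if its MAC verifies."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest MAC mismatch")
    return frozenset(body.decode().split("\n"))

def may_exec(path, allowed):
    """Load-time check: permit only ELF images whose digest is approved."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != ELF_MAGIC:
        return False  # not an ELF image, nothing for this gate to approve
    return hashlib.sha256(data).hexdigest() in allowed

def demo():
    key = b"constructed-demo-key"  # assumption: secret unlocked at boot
    with tempfile.TemporaryDirectory() as d:
        trusted = os.path.join(d, "trusted")
        dropped = os.path.join(d, "dropped")
        for path, body in ((trusted, b"constructed trusted image"),
                           (dropped, b"constructed unknown image")):
            with open(path, "wb") as f:
                f.write(ELF_MAGIC + body)
        with open(trusted, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        body, tag = sign_manifest(key, [digest])
        allowed = load_manifest(key, body, tag)
        results = {"trusted": may_exec(trusted, allowed),
                   "dropped": may_exec(dropped, allowed)}
        with open(trusted, "ab") as f:  # change the approved file after signing
            f.write(b"\x00")
        results["modified"] = may_exec(trusted, allowed)
        try:  # an allowlist with an extra entry must fail MAC verification
            load_manifest(key, body + b"\n" + b"0" * 64, tag)
            results["forged_manifest"] = True
        except ValueError:
            results["forged_manifest"] = False
    return results

if __name__ == "__main__":
    print(demo())
```

Checking a path and then executing it, as this sketch does, leaves a window between check and use; an in-kernel version would have to verify the same bytes it maps, which is why the message pairs the check with a kernel-provided ld.so and a ban on user-created executable mappings.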
