Chad Perrin wrote:
> On Sat, Sep 22, 2007 at 10:34:07PM -0700, Crispin Cowan wrote:
>
>> A "private 0day exploit" (the case I was concerned with) would be where
>> someone develops an exploit, but does not deploy or publish it, holding
>> it in reserve to
iss the requirement that an 0day be found maliciously
exploiting machines, because that requires inferring intent. IMHO, a POC
exploit first posted to Bugtraq ahead of the patch counts as an 0day
exploit, unless it has been so thoroughly obfuscated that the "proof&
it.
What makes it an "0" day is that whoever is announcing it is first to
announce it in public. You could only invalidate the 0day claim by
showing that the same vulnerability had previously been disclosed by
someone else.
Crispin
--
Crispin Cowan, Ph.D. http://crispinco
he system, AppArmor would not be very useful
if it could not confine root.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
___
Full-Disclosure - We believe in it
so
> interested in the "Linux Security Modules Interface".
>
For an overview, look here:
"Linux Security Modules: General Security Support for the Linux
Kernel". Chris Wright, Crispin Cowan, Stephen Smalley, James Morris,
and Greg Kroah-Hartman. Presented
derstand, and you will see the user(s) making the correct decision(s).
>
Well, maybe. Users are notorious for not making the right decision.
AppArmor lets the site admin create the policy and distribute it to
users. Of course that assumes we are talking about Linux users :)
Crispin
--
Crispin