At 21:05 -0300 3.10.2001, Peter Cordes wrote:
> Yep, you can load modules, and you can run mknod(2) to make your own
> /dev/hda, among other things. These are blockable by removing capabilities,
> though. (At least, the modules attack is.)

I think another one is creating a [k]mem device (haven't tried it). Afaik, LIDS people had to introduce/implement a new capability to block direct memory access, which implies that on a normal kernel you can't prevent root from escaping chroot.

> Obscurity is not useless. It is no good as your only defence, but combined
> with solid security, obscurity makes an attacker's job harder and more time
> consuming. If nothing else, it may well give you more time to see stuff
> going on in the logs before the attacker breaks into anything where they can
> do damage.

I guess it really depends on whether obscurity is used in a standard install (-> exploits are spread), or only in one particular install (that doesn't allow the use of some standard procedure).

Christian.
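Added example, not part of the original message: a small audit that reports whether a chrooted root process still holds the capabilities behind the avenues named in the thread (module loading, mknod(2), raw memory device access). It assumes a current Linux kernel that exposes CapEff/CapPrm/CapBnd in /proc/<pid>/status; the three status samples are constructed.

```python
import re

# Bit numbers from <linux/capability.h>.
RISKY_CAPS = {
    16: "CAP_SYS_MODULE",  # load kernel modules
    17: "CAP_SYS_RAWIO",   # raw I/O, including opening /dev/mem
    27: "CAP_MKNOD",       # create device nodes with mknod(2)
}

# Constructed samples of the Cap* lines in /proc/<pid>/status.
FULL_ROOT = ("CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"
             "CapBnd:\t000001ffffffffff\n")
# Effective/permitted cleared, but the bounding set still allows the
# capabilities to be regained by exec'ing a setuid-root binary.
BOUNDING_ONLY = ("CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
                 "CapBnd:\t000001ffffffffff\n")
# Bits 16, 17 and 27 removed from every set.
HARDENED = ("CapPrm:\t000001fff7fcffff\nCapEff:\t000001fff7fcffff\n"
            "CapBnd:\t000001fff7fcffff\n")

def parse_cap_masks(status_text):
    """Return {'CapPrm': int, 'CapEff': int, ...} from status text."""
    masks = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap[A-Za-z]+):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks

def risky_caps(status_text):
    """Map each risky capability to the sets that still contain it."""
    masks = parse_cap_masks(status_text)
    findings = {}
    for bit, name in sorted(RISKY_CAPS.items()):
        held = [s for s in ("CapEff", "CapPrm", "CapBnd")
                if (masks.get(s, 0) >> bit) & 1]
        if held:
            findings[name] = held
    return findings

if __name__ == "__main__":
    # Audit the current process; run inside the chroot/jail being checked.
    with open("/proc/self/status") as fh:
        result = risky_caps(fh.read())
    for name, sets in result.items():
        print(f"{name} still present in: {', '.join(sets)}")
    if not result:
        print("module, raw I/O and mknod capabilities are all dropped")
```

An empty result means the capability is gone from the bounding set as well, so it cannot come back through a later exec.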

