Re: Security Hole in Axent ESM

From: Bert Driehuis (bert_driehuisat_private)
Date: Sat Aug 29 1998 - 13:44:12 PDT


    On Fri, 28 Aug 1998, Mark (Mookie) wrote:
    
    > >ESM does not only look at CRC's to verify if a file is genuine.  It also looks
    > >at the timestamps; both the m-time and the c-time.  m-times are easy to change,
    > >c-times are a lot harder and leave a trace.
    
    [snip]
    
    > This doesn't leave a trace. There are numerous other programs to completely
    > replace all timestamps as normal, undetected. Technology has come a long way
    > since the above was written.
    
    This is why BSD/OS since version 3.0 disallows setting the clock
    backwards when running at normal securelevel. I think more operating
    systems need that feature. Subverting timestamps in these environments
    becomes much harder.
    
    Cheers,
    
                                            -- Bert
    
    Bert Driehuis, MIS -- bert_driehuisat_private -- +31-20-3116119
    The grand leap of the whale up the Fall of Niagara is esteemed, by all
    who have seen it, as one of the finest spectacles in nature.
                    -- Benjamin Franklin.
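
An added example, not part of the original message and not ESM's code: a minimal Python sketch of the checksum-plus-timestamp comparison discussed in this thread, assuming a POSIX system where st_ctime is the inode change time. The file is rewritten with identical bytes to stand in for a replacement the checksum does not catch, and its m-time is then put back; all function and file names are hypothetical.

```python
import os
import tempfile
import time
import zlib


def snapshot(path):
    """Record the attributes an integrity checker would baseline."""
    st = os.stat(path)
    with open(path, "rb") as f:
        crc = zlib.crc32(f.read())
    return {
        "size": st.st_size,
        "crc": crc,
        "mtime_ns": st.st_mtime_ns,
        "ctime_ns": st.st_ctime_ns,  # inode change time on POSIX
    }


def changed_fields(baseline, current):
    """Return the names of baseline attributes that no longer match."""
    return [k for k in baseline if baseline[k] != current[k]]


def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "monitored.bin")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"constructed sample contents\n")
        base = snapshot(path)

        # Wait past coarse timestamp granularity so a later change is visible.
        time.sleep(1.1)

        # Rewrite with identical bytes: size and CRC stay the same.
        with open(path, "wb") as f:
            f.write(b"constructed sample contents\n")
        # Put the m-time back to the baseline value. This call itself
        # updates the c-time, which user code cannot set directly.
        atime_ns = os.stat(path).st_atime_ns
        os.utime(path, ns=(atime_ns, base["mtime_ns"]))

        return changed_fields(base, snapshot(path))


if __name__ == "__main__":
    print(demo())
```

The c-time is stamped by the kernel from the system clock, which is why a platform that refuses to move the clock backwards makes this last field harder to falsify.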
    


