Hello, > the fact that your program has both a userspace and a kernel-space > component makes it almost immediately suspect as "vulnerable". kind of > funny for me to get to reply to a "security tool" announcement with a > notice-of-warning. Send exploit, I'll be interested. I use medusa as a tester for production systems too. Okay, another point of view -- the communication with user-space daemon is very well protected. You can tell the kernel to halt if the constable daemon falls. But using medusa doesn't mean you have a secure server -- everything depends on configuration file. > has the source to the userspace module been audited yet? hopefully by > someoen other than the authors? I think, that it isn't. But I think, that's the reason authors numbered it 0.7.9 and posted here. I really trust this system, it's been under heavy development of very good people. But at least you have to protect kernel memory, communication device, constable daemon, etc. The funny way to do is to put all software, that has something to do with network into another virtual space. This makes network hack very hard (because having uid=0 by hacking remotely here means almost nothing). > that last part sounds like it might make, with a few mods, a great 3l33t > h@x0r tool :) perhaps it might be most useful to someone good enough to for hacker tools look for heroin or something like that, it's more usable. This is really a security system. Just try and then talk about it... When you talk, it is vulnerable, send exploit Juraj.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:42 PDT