Greg KH wrote:

> On Thu, Jun 14, 2001 at 03:36:21PM -0700, Titus D. Winters wrote:
> > Can I get a feel for the idea of having a hook that will govern letting a
> > module be detected? I can imagine there are some security modules (mine
> > for example) that would rather not broadcast their existence via someone
> > running lsmod. I think I know where to add it already.
>
> That's for the "l33t 15m" security module :)
> I don't think that it is needed, or wanted in a normal module.

I assumed that it was for building a honeypot module, which is a legitimate security need. It is "malicious code" in some vague sense, in that it is trying to deceive the attacker running on the host, so some of the techniques look kind of e1ee7. See the Deception Toolkit http://all.net/dtk/

Whether LSM can accommodate such goals, while staying within the bounds of what Linus & co. will accept, is another matter.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Jun 16 2001 - 11:39:30 PDT