Re: RFC: sys_execve security kernel mod

• Previous message: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• In reply to: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Reply: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* J. Paul Reed (preedat_private) wrote:
> 
> You can't modify ctime without hacking the fs directly or doing so through
> the kernel... which, if an attacker someone is root, then they could

ctime can be modified from userspace.  the same touch(1) attack using
sys_utime(2) will update both mtime and ctime.

> probably do, but it'll keep your average IRCing script kiddie at bay...
> they don't even know what a ctime is.

security through obscurity is not a valid security scheme.

cheers,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Previous message: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• In reply to: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Next in thread: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Reply: J. Paul Reed: "Re: RFC: sys_execve security kernel mod"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 15:04:35 PDT