Re: How to get full pathname from an inode?

• Previous message: Chris Wright: "Re: How to get full pathname from an inode?"
• In reply to: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Next in thread: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Next in thread: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Reply: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Jesse Pollard <jesse@cats-chateau.net> on Thu, Jul 24 15:56:
>
> If the attacker can do that, then he can just replace the search path 
> environment variable and accomplish the same thing.

I am not trying to protect against every attack, but a specific type of
attack.  I guess I'm mostly trying to protect against rootkits and
Trojans.  Those usually modify critical binaries to cover their tracks. 

If the admin is worried about the search path getting changed, then
they should protect the files that control the search path against
tampering (with this module).

Omen

-- 
T-Shirt saying: Nothing is impossible
if you don't have to do it yourself.

• application/pgp-signature attachment: stored

• Next message: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Previous message: Chris Wright: "Re: How to get full pathname from an inode?"
• In reply to: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Next in thread: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Next in thread: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Reply: Jesse Pollard: "Re: How to get full pathname from an inode?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 13:40:27 PDT