On Friday 25 July 2003 15:40, Omen Wild wrote: > Quoting Jesse Pollard <jesse@cats-chateau.net> on Thu, Jul 24 15:56: > > If the attacker can do that, then he can just replace the search path > > environment variable and accomplish the same thing. > > I am not trying to protect against every attack, but a specific type of > attack. I guess I'm mostly trying to protect against rootkits and > Trojans. Those usually modify critical binaries to cover their tracks. > > If the admin is worried about the search path getting changed, then > they should protect the files that control the search path against > tampering (with this module). So you are going to hash EVERY script on the system, and user files too? I don't think so. You would never be able to keep up with user changes. Even changes to root. The profile is read on every invocation of the shell. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 13:56:08 PDT