Re: The disappearing sys_call_table export.

Jesse Pollard (jesse@cats-chateau.net)
Thu, 8 May 2003 13:28:05 -0500


On Thursday 08 May 2003 10:22, Alan Cox wrote:
[snip]
> > Fix the vulnerability. Then there won't be a virus.
>
> But you don't know if its fixed and if there are any more holes without
> being able to detect attackers be they electronic or human.

Detecting attackers is a different situation. An attack that is already fixed
is not a serious problem other than bandwidth. Virus scanners can't do that
anyway - they can only detect what has already been detected... and which
should have been fixed by the time the signature could have been put out,
anyway. Detection should be part of an intrusion facility (isn't LIDS supposed
to do that?)

Second, I want to setup SELinux to sandbox various facilities anyway (delayed
due to job change). That should isolate any unknown attack to just one
service, and protect the overall system.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/