[rsbac] Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Amon Ott
ao at rsbac.org
Tue Dec 2 21:56:00 CET 2003
On Tuesday, 2 December 2003 21:14, Joachim Ring wrote:
> On Tue, Dec 02, 2003 at 14:45:08 +0100, Amon Ott wrote:
> > Nothing helps but fixing the kernel bug, see my latest posting. I fear none
> > of the existing kernel security extensions can limit this bug's effects.
> >
> > All of you certainly know that RSBAC, like the other kernel extensions, must
> > rely on the kernel's correct implementation. Once you enter kernel space,
> > there is no more security - this is a major disadvantage of its monolithic
> > design.
>
> While I suppose all of the above statements that RSBAC doesn't help
> against the now infamous do_brk exploit are true, the fact that the machine to
> be attacked has RSBAC in place with a policy which either allows writing or
> executing binaries & libs but never both for any given location might have
> made exploiting the hole a real challenge...
Thanks for pointing this out. Yes, sure, a real security system like RSBAC
would have made it much more difficult, but not impossible. That should have
been the main point - all we can do is raise the level higher and higher.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
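As an added illustration of the file policy Joachim describes (a location may grant write or execute, never both), here is a small Python model. It is not RSBAC code and not part of the original thread; RSBAC's real policy engine and rule syntax differ, and the rule set, paths and helper names below are assumptions constructed for the example. The model rejects any rule set where one location grants both rights, resolves requests by longest matching path prefix with default deny, and walks the usual "write an exploit binary somewhere, then execute it" sequence to show where such a policy stops it.

```python
"""Toy write-xor-execute file policy, written to illustrate the point made
in the thread above. Constructed example; not RSBAC's policy model."""

from dataclasses import dataclass

READ, WRITE, EXEC = "read", "write", "exec"


@dataclass(frozen=True)
class Rule:
    prefix: str          # directory (or file) the rule covers; assumed syntax
    rights: frozenset    # subset of {READ, WRITE, EXEC}


class PolicyError(ValueError):
    """Raised when a rule set violates the write-xor-execute invariant."""


class WxPolicy:
    def __init__(self, rules):
        # Longest prefix first, so the most specific rule wins on lookup.
        self.rules = sorted(rules, key=lambda r: len(r.prefix), reverse=True)
        for r in self.rules:
            if WRITE in r.rights and EXEC in r.rights:
                raise PolicyError(f"{r.prefix} grants both write and exec")

    def rights_for(self, path):
        """Rights of the longest matching rule; no match means no rights."""
        for r in self.rules:
            base = r.prefix.rstrip("/")
            if path == base or path.startswith(base + "/"):
                return r.rights
        return frozenset()

    def allowed(self, path, right):
        return right in self.rights_for(path)


def is_valid_policy(rules):
    """True if the rule set respects write-xor-execute at every location."""
    try:
        WxPolicy(rules)
    except PolicyError:
        return False
    return True


def first_denied_step(policy, steps):
    """Walk a sequence of (path, right) requests in order and return the
    index of the first one the policy refuses, or None if all are allowed."""
    for i, (path, right) in enumerate(steps):
        if not policy.allowed(path, right):
            return i
    return None


# Constructed rule set: system binaries and libraries are exec-only,
# scratch and home directories are write-only.
CONSTRUCTED_POLICY = WxPolicy([
    Rule("/bin", frozenset({READ, EXEC})),
    Rule("/usr/lib", frozenset({READ, EXEC})),
    Rule("/tmp", frozenset({READ, WRITE})),
    Rule("/home", frozenset({READ, WRITE})),
])

# Constructed attacker sequences.
DROP_AND_RUN = [
    ("/tmp/exploit", WRITE),   # allowed: /tmp is writable
    ("/tmp/exploit", EXEC),    # refused: nothing under /tmp may execute
]
OVERWRITE_LIB = [
    ("/usr/lib/libc.so.6", WRITE),   # refused: /usr/lib is exec-only
]

if __name__ == "__main__":
    print("drop-and-run stops at step", first_denied_step(CONSTRUCTED_POLICY, DROP_AND_RUN))
    print("overwrite-lib stops at step", first_denied_step(CONSTRUCTED_POLICY, OVERWRITE_LIB))
    print("valid:", is_valid_policy([Rule("/opt", frozenset({WRITE, EXEC}))]))
```

The model only captures the file-system side of the argument: an attacker who can already run code in the kernel, as with the do_brk bug itself, is not bound by it, which is the limit Amon points out above. What it does show is that the policy removes the easy path of dropping a local exploit binary and running it from any writable location.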