[Dailydave] On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns

Rodrigo Rubira Branco (BSDaemon) rodrigo at kernelhacking.com
Tue May 15 08:04:00 EDT 2007 

With auto-learning system this behavior will be learned, but you can edit
the generated rules and write what do you want to write.

Also, you have the 'rules pattern' as you have in selinux.  Auto-learning
just turn possible to everyone protect systems.  You are not thinking about
big companies, with big old-systems, with old-administrators, trying to
setup a 'secure' environment...

I really think is better permit sshd to write to /etc/shadow than permit
everything.

The question here is you (and others who don´t like auto-learning systems)
is trying to convince yourself (and others) the administrator must be
skilled, or can´t be an administrator.  Are you pretty sure this is true in
most of situations?


Cya,


Rodrigo (BSDaemon).

--
http://www.kernelhacking.com/rodrigo

Kernel Hacking: If i really know, i can hack

GPG KeyID: 5E90CA19


--------- Mensagem Original --------
De: Steve Grubb <sgrubb at redhat.com>
Para: dailydave at lists.immunitysec.com <dailydave at lists.immunitysec.com>,
Rodrigo Rubira Branco BSDaemon <rodrigo at kernelhacking.com>
Assunto: Re: [Dailydave] On exploiting null ptr derefs, disabling SELinux,
and silently fixed Linux vulns
Data: 15/05/07 10:44

>
> On Monday 14 May 2007 15:18, Rodrigo Rubira Branco (BSDaemon) wrote:
> &gt; Again our discussion (good discussion, tks for your position!) about
> &gt; auto-learning ;)
>
> Let me give you a concrete example. If you have your passwords set to
expire
> and normally let people into the machine by sshd and you have pam linked
in,
> you will need sshd to be able to write to /etc/shadow. I would presume
that
> auto-learning systems would go ahead and grant that access.
>
> The better solution is to create a minimalistic helper program that has
just
> that capability and can only be run by the parent. It can be confined to
just
> making the update and the parent which is network facing only able to exec
> that program.
>
> Auto learning systems cannot make architectural desicions like that.
>
> -Steve
>
>
>
>
>

________________________________________________
Message sent using UebiMiau 2.7.2

More information about the Dailydave mailing list