
Known-exploit detection for the kernel

Posted Dec 19, 2013 12:44 UTC (Thu) by iq-0 (subscriber, #36655)
In reply to: Known-exploit detection for the kernel by Trou.fr
Parent article: Known-exploit detection for the kernel

You seem to suggest that not doing this would change the focus of said kernel developers to do more kernel security improvements. That is rather wishful thinking; they would do something different, but not necessarily that.

The idea itself is also not bad. It's the equivalent of doing authentication attempt logging and detecting possible attacks. Does it increase security? No. Does it tell you there might be something going on? Yes. Can attackers circumvent those checks? Yes. Does that make them less valuable? No, the attackers have to take more precautions, take more actions which might be detected or risk tripping an alarm.

An analogy would be to install video cameras in your house. Any burglar could easily either circumvent them, disable them or ignore them and afterwards erase the tapes. But it makes life more difficult for them (even if slightly), might deter them to look for easier targets or increase the chance of detection because of all the steps involved. And there is a good chance some are not that diligent and get caught in the act.

You can never assume to be secure, you can only try and hope that it's as uneconomical as possible for others to abuse the weaknesses.
But often it's just as important to just know somebody might have (tried) to do that, so you can take appropriate measures to minimize possible (indirect) damage.



Known-exploit detection for the kernel

Posted Dec 19, 2013 23:16 UTC (Thu) by Trou.fr (subscriber, #26289) [Link] (3 responses)

I perfectly understand the reasoning. But I think this is quite representative of the current mindset of developers regarding security: no consideration for effective measure and it sometimes seems no consideration for actual security.

The single "recent" feature which led to actual security improvements in the kernel I can think of is seccomp-bpf, which is a brilliant and very efficient idea.

As you said, developers would probably turn their attention to something else entirely. If only some grsec features could be included in the kernel.

Known-exploit detection for the kernel

Posted Dec 25, 2013 23:02 UTC (Wed) by nix (subscriber, #2304) [Link] (2 responses)

If only some grsec features could be included in the kernel.
That seems unlikely to happen while the grsec people remain incapable of working with other people or taking criticism of any kind without blowing up like two-year-olds. (Apologies to my two-year-old niece, who blows up very rarely and is usually quite charming and sweet.)

Known-exploit detection for the kernel

Posted Dec 25, 2013 23:56 UTC (Wed) by PaXTeam (guest, #24616) [Link] (1 responses)

did you move to the southern hemisphere recently? i can't think of many other places where it's hayfever season. keep up the nonsense and spender and i wish you a merry christmas (try without the drugs though).

Known-exploit detection for the kernel

Posted Dec 26, 2013 22:22 UTC (Thu) by nix (subscriber, #2304) [Link]

... aand my point is proved. I'd rather bite my own nose off than work with people this nasty.

