Content-Type: text/plain; charset=US-ASCII
From: Jesse Pollard <jesse@cats-chateau.net>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: The disappearing sys_call_table export.
Date: Thu, 8 May 2003 13:28:05 -0500
Cc: Chuck Ebbert <76306.1226@compuserve.com>,
       "viro@parcelfarce.linux.theplanet.co.uk" 
	<viro@parcelfarce.linux.theplanet.co.uk>,
       Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
       Terje Eggestad <terje.eggestad@scali.com>
References: <200305081009_MC3-1-37FA-2408@compuserve.com> <03050809564900.09057@tabby> <1052407341.10038.69.camel@dhcp22.swansea.linux.org.uk>
In-Reply-To: <1052407341.10038.69.camel@dhcp22.swansea.linux.org.uk>
MIME-Version: 1.0
Message-Id: <03050813280502.09468@tabby>
Content-Transfer-Encoding: 7BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1079
Lines: 22

On Thursday 08 May 2003 10:22, Alan Cox wrote:
[snip]
> > Fix the vulnerability. Then there won't be a virus.
>
> But you don't know if its fixed and if there are any more holes without
> being able to detect attackers be they electronic or human.

Detecting attackers is a different situation. An attack that is already fixed
is not a serious problem other than bandwidth. Virus scanners can't do that
anyway - they can only detect what has already been detected... and which
should have been fixed by the time the signature could have been put out,
anyway. Detection should be part of an intrusion facility (isn't LIDS supposed
to do that?)

Second, I want to setup SELinux to sandbox various facilities anyway (delayed 
due to job change). That should isolate any unknown attack to just one
service, and protect the overall system.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/