Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264479AbTEPQIK (ORCPT ); Fri, 16 May 2003 12:08:10 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264480AbTEPQIK (ORCPT ); Fri, 16 May 2003 12:08:10 -0400 Received: from siaab1ab.compuserve.com ([149.174.40.2]:40129 "EHLO siaab1ab.compuserve.com") by vger.kernel.org with ESMTP id S264479AbTEPQIF (ORCPT ); Fri, 16 May 2003 12:08:05 -0400 Date: Fri, 16 May 2003 12:15:21 -0400 From: Chuck Ebbert <76306.1226@compuserve.com> Subject: Re: The disappearing sys_call_table export. To: Mike Touloumtzis Cc: Ahmed Masud , Jesse Pollard , linux-kernel@vger.kernel.org, Yoav Weiss Message-ID: <200305161219_MC3-1-3938-C302@compuserve.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4365 Lines: 75 Mike Touloumtzis wrote: > No Unix (even a "secure" one) is designed to run all security-critical > code in the kernel. That would be a bad design anyway, since it would > run lots of code at an unwarranted privilege level. "login" is not > part of the kernel. "su" is not part of the kernel". Yes, but "elsewhere" I can audit the system and see which programs and subsystems are authorized to logon users and the authentication methods they can use. Note that the below output is not from some "security enhanced" or "server" version of the OS but rather from a $179 upgrade I bought at the local Staples store: 2003-05-16 05:06:25 Security Success Audit System Event 515 NT AUTHORITY\SYSTEM "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: Protected Storage Service " 2003-05-16 05:06:24 Security Success Audit System Event 515 NT AUTHORITY\SYSTEM "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: LAN Manager Workstation Service " 2003-05-16 05:06:17 Security Success Audit System Event 518 NT AUTHORITY\SYSTEM "An notification package has been loaded by the Security Account Manager. This package will be notified of any account or password changes. Notification Package Name: scecli " 2003-05-16 05:06:17 Security Success Audit System Event 515 NT AUTHORITY\SYSTEM "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: Service Control Manager " 2003-05-16 05:06:17 Security Success Audit System Event 515 NT AUTHORITY\SYSTEM "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: Winlogon\MSGina " 2003-05-16 05:06:17 Security Success Audit System Event 515 NT AUTHORITY\SYSTEM "A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Logon Process Name: KSecDD " 2003-05-16 05:06:17 Security Success Audit System Event 514 NT AUTHORITY\SYSTEM "An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. Authentication Package Name: D:\WINNT\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 " 2003-05-16 05:06:17 Security Success Audit System Event 514 NT AUTHORITY\SYSTEM "An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. Authentication Package Name: D:\WINNT\system32\schannel.dll : Microsoft Unified Security Protocol Provider " 2003-05-16 05:06:17 Security Success Audit System Event 514 NT AUTHORITY\SYSTEM "An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. Authentication Package Name: D:\WINNT\system32\msv1_0.dll : NTLM " 2003-05-16 05:06:17 Security Success Audit System Event 514 NT AUTHORITY\SYSTEM "An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. Authentication Package Name: D:\WINNT\system32\kerberos.dll : Kerberos " 2003-05-16 05:06:17 Security Success Audit System Event 514 NT AUTHORITY\SYSTEM "An authentication package has been loaded by the Local Security Authority. This authentication package will be used to authenticate logon attempts. Authentication Package Name: D:\WINNT\system32\LSASRV.dll : Negotiate " - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/