Date: Tue, 17 Jul 2001 13:56:26 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Jason DiCioccio <jdicioccio@epylon.com>, "'Artur Meski'" <glash@freebsd.net.pl>, freebsd-security@FreeBSD.ORG, robert@watson.org
Subject: Re: Exec logging, FreeBSD Kernel Module.
Message-ID: <Pine.NEB.3.96L.1010717135000.44228B-100000@fledge.watson.org>
In-Reply-To: <20010717095535.A78558@xor.obsecurity.org>

I basically got a 0 response to my initial SPY reply, so I will attempt to mention it here again, and throw Robert's name on it.

AFAIK, at USENIX there was a BoF for those working on kernel related security features (Trusted patch sets, other) to speak their minds on 1) what they were doing and 2) to attempt to start to come up with some sort of cross-OS standard for having "hooks" into kernel code. This would allow for easy coding of kernel related features that could be cross-OS allowing for only recoding of possible OS specific pieces (which would be greatly lessened after this standard interface was in place).

Anyway, what I had been wondering was whether or not there were some useful conclusions actually made from that BoF... These would be useful in something like SPY -- or some work that I'm doing -- so that they can attempt to conform to a standard from the beginning.

Anyone have any thoughts on 1) what happened at the BoF and 2) future of kernel hook standards in fbsd?

Andrew

On Tue, 17 Jul 2001, Kris Kennaway wrote:

> On Tue, Jul 17, 2001 at 09:37:22AM -0700, Jason DiCioccio wrote:
> >
> > Try reading up on process accounting :-)
>
> Process accounting isn't intended as a security audit feature.
>
> Kris
>

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead