http://www.drugphish.ch/patches/ratz/bash/bash-3.0-fix_1439-3.diff
But http://ttyrpld.sourceforge.net/ looks indeed interesting, however
no 2.4.x support from what I can see.
This can be very easily circumvented if you can execute another shell
(for example your own version of bash without patch).
Everything can be circumvented, but that's hardly the point of what the
patch tries to achieve. It is/was actually a requirement for financial
institutes, governments and ISPs running Linux-based services to comply
to the SOX and Basel II acts. Besides, ttyrpld can also be cirumvented
on a normal Linux distribution without special countermeasures or
policies regarding kernel module loading. It's just a tad bit harder to do.
The cited patch has auditing and trace facilities up to the point where
no intended malicious actions happen. It's only there to log and not to
prevent any kind of attack.
Some of our systems for example run a highly secured Linux distribution
(Pitbull LX, SELinux, RSBAC, and partially other compartmentalized
environments), but some of those enhanced security systems do not
provide sufficient logging mechanisms to comply to those new acts.
The reason I mentioned my patch is that it's non-intrusive, and this
helps in case of a security certification, and maybe also otherwise. YMMV.
Best regards,
Roberto Nibali, ratz
--
echo
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
