Vulnerability Development mailing list archives
Re: Core Dump as an Intrusion Event
From: antirez <antirez () linuxcare com>
Date: Thu, 12 Oct 2000 15:33:28 +0200
On Wed, Oct 11, 2000 at 11:45:51PM +0200, Gigi Sullivan wrote:
> Could we find a way to be able to change this feature just *only* in single user mode? uhm ... too much effort, maybe and ... we're going to think about GNU/Linux kernel internals and I don't think the list was created for this ;) (that said, I have no problem to continue)
I hacked a bit around this patch: I developed a better patch that will be on freshmeat ASAP, it already works but I'm fixing a race with /proc. The new patch is able to log the memory address that the process tried to access and the type of the access, even if it is portable. Unfortunately, making the patch portable, it is impossible (AFAIK) to distinguish between read and exec access.

Check out http://www.kyuzz.org/antirez/sigsegv (that isn't yet on-line) tomorrow to get the patch and a little userspace tool to dump in a human-readable format the history of the sigsegv (limited history, it's a circular buffer).

The kernel patch is very little, it just installs a hook function in the kernel. All the work is done in the module (i.e. if you want to upgrade you just need to unload the old module and load the new, without other kernel changes).

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
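The limited circular history described in the message above, modelled in userspace C as an added example (not antirez's patch or tool). The record layout, function names, buffer size and sample faults are assumptions; read and exec share one value because the post says a portable hook cannot tell them apart.

```c
#include <stdio.h>
#include <stdint.h>

#define SEGV_HISTORY 4u   /* assumed capacity; the post gives no size */

/* The post says a portable hook cannot tell read from exec: one value for both. */
enum segv_access { SEGV_READ_OR_EXEC, SEGV_WRITE };

struct segv_event { int pid; uintptr_t addr; enum segv_access access; };

struct segv_log {
    struct segv_event ev[SEGV_HISTORY];
    unsigned long total;  /* faults ever recorded; next slot = total % SEGV_HISTORY */
};

/* Record one fault, overwriting the oldest entry once the buffer is full. */
void segv_record(struct segv_log *l, int pid, uintptr_t addr, enum segv_access a)
{
    struct segv_event *e = &l->ev[l->total % SEGV_HISTORY];
    e->pid = pid; e->addr = addr; e->access = a;
    l->total++;
}

/* Copy the retained history, oldest first, into out[SEGV_HISTORY]; returns count. */
size_t segv_snapshot(const struct segv_log *l, struct segv_event *out)
{
    size_t n = l->total < SEGV_HISTORY ? l->total : SEGV_HISTORY;
    unsigned long first = l->total - n;   /* sequence number of the oldest kept event */
    for (size_t i = 0; i < n; i++)
        out[i] = l->ev[(first + i) % SEGV_HISTORY];
    return n;
}

/* Human-readable dump of the history; returns the number of lines written. */
size_t segv_dump(const struct segv_log *l, FILE *fp)
{
    struct segv_event h[SEGV_HISTORY];
    size_t n = segv_snapshot(l, h);
    for (size_t i = 0; i < n; i++)
        fprintf(fp, "pid=%d addr=0x%lx access=%s\n", h[i].pid, (unsigned long)h[i].addr,
                h[i].access == SEGV_WRITE ? "write" : "read/exec");
    return n;
}

int main(void)
{
    struct segv_log hist = {0};           /* constructed sample faults below */
    for (int i = 0; i < 6; i++)
        segv_record(&hist, 1200 + i, 0x08049000u + i, i % 2 ? SEGV_WRITE : SEGV_READ_OR_EXEC);
    return segv_dump(&hist, stdout) == SEGV_HISTORY ? 0 : 1;
}
```

Six faults into a four-slot buffer leave only the last four, so anything reading this history as an intrusion signal has to drain it faster than a crashing process can wrap it.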