[13879] in bugtraq
Re: ANNOUNCE: Medusa DS9 security system
daemon@ATHENA.MIT.EDU (elijah wright)
Thu Feb 17 05:44:50 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0002152205430.7827-100000@eckhart.stderr.org>
Date: Tue, 15 Feb 2000 22:32:39 -0600
Reply-To: elijah wright <elw@DNS1.STDERR.ORG>
From: elijah wright <elw@DNS1.STDERR.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.20.0002151638370.4039-100000@marsquake.terminus.sk>
> communicates with the kernel using character device to send and receive
> "packets". Daemon contains the whole logic and implements the concrete
> security policy. That means, that medusa can (as opposite to another
[...]
> * ability to enforce process to execute an arbitrary code. This feature
> is usefull to enforce logging drom that process and so.
the fact that your program has both a userspace and a kernel-space
component makes it almost immediately suspect as "vulnerable". kind of
funny for me to get to reply to a "security tool" announcement with a
notice-of-warning.
has the source to the userspace module been audited yet? hopefully by
someoen other than the authors?
that last part sounds like it might make, with a few mods, a great 3l33t
h@x0r tool :) perhaps it might be most useful to someone good enough to
get a rootshell but not good enough to hack away at the process table by
themselves.
all in all, this thing scares me.
elijah
