[7798] in bugtraq
Re: Security Hole in Axent ESM
daemon@ATHENA.MIT.EDU (Bert Driehuis)
Sat Aug 29 21:51:58 1998
Date: Sat, 29 Aug 1998 22:44:12 +0200
Reply-To: bert_driehuis@NL.COMPUWARE.COM
From: Bert Driehuis <bert_driehuis@NL.COMPUWARE.COM>
X-To: "Mark (Mookie)" <mark@ZANG.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199808280933.CAA06281@zang.com>
On Fri, 28 Aug 1998, Mark (Mookie) wrote:
> >ESM does not only look at CRC's to verify if a file is genuine. It also looks
> >at the timestamps; both the m-time and the c-time. m-times are easy to change,
> >c-times are a lot harder and leave a trace.
[snip]
> This doesn't leave a trace. There are numerous other programs to completely
> replace all timestamps as normal, undetected. Technology has come a long way
> since the above was written.
This is why BSD/OS since version 3.0 disallows setting the clock
backwards when running at normal securelevel. I think more operating
systems need that feature. Subverting timestamps in this environment
becomes much harder.
Cheers,
-- Bert
Bert Driehuis, MIS -- bert_driehuis@nl.compuware.com -- +31-20-3116119
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
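
Added example (not part of the original message and not ESM's code): the check described in the quoted text, comparing a content digest, m-time and c-time against a recorded baseline, run on a file whose m-time has been put back after a rewrite. The function names and the sample file are constructed; it assumes a POSIX system where c-time is the inode change time, and uses SHA-256 where the thread mentions CRCs.

```python
import hashlib
import os
import tempfile
import time


def snapshot(path):
    """Record the attributes the thread discusses: content digest, m-time, c-time."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "mtime_ns": st.st_mtime_ns, "ctime_ns": st.st_ctime_ns}


def compare(baseline, current):
    """Return the sorted names of the attributes that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Constructed scenario: a file is rewritten and its m-time is put back."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.conf")  # constructed sample file
        with open(path, "w") as f:
            f.write("setting=1\n")
        base = snapshot(path)
        time.sleep(0.1)  # let the clock move past the timestamp granularity
        with open(path, "w") as f:
            f.write("setting=2\n")  # same length, different content
        # Restore the recorded m-time. The kernel stamps c-time with the
        # current clock on this call, and no user-level call sets c-time.
        os.utime(path, ns=(os.stat(path).st_atime_ns, base["mtime_ns"]))
        return compare(base, snapshot(path))


if __name__ == "__main__":
    # m-time matches the baseline again; the digest and c-time do not.
    print(demo())
```

Because c-time is taken from the system clock, this check is only as trustworthy as the clock, which is the point of the securelevel restriction mentioned in the reply.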