Open Source and information security mailing list archives
Message-ID: <200310292136.42969.caraciola@gmx.net>
From: caraciola at gmx.net (Caraciola)
Subject: System monitor scheme 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That will open a big can of worms... To start, the exeloader has to supply an 
image of TEXT and CODE segments (x86), feed that to a function which 
fingerprints this (PoC with gnupg?), a daemon has to check every 
process/thread each ? second or so, housekeeping of the results... I think it 
will be costly in performance terms. And where do you start? It would have to 
be done on the OS itself, should spread of course to the disk-images of exes 
and so on. In the end you will need hardware to secure the machine itself 
(heard of TCPA?). Easiest way to achieve this would be a machine with 
separate memory for data and program, so the hardware grants there is no 
write to the code area after initial load...

have fun thinking about the ins and outs of this ...

Caraciola

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/oCTUANzMondHN+cRAr9+AJ4jw2OA/OUpNbIOy/whf4VVqnW73wCgsK/J
1117UGVkdEpu27nVYV4Pfsc=
=2A1L
-----END PGP SIGNATURE-----
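
An added example, not part of the original post, of the check the message above describes: it fingerprints the executable mappings of a process, compares them with a baseline, and reports mappings that are both writable and executable. It assumes the Linux `/proc/<pid>/maps` line format; the function names, the `/usr/bin/demo` path and the sample data are constructed for illustration.

```python
import hashlib
import re

# One line of Linux /proc/<pid>/maps: "start-end perms offset dev inode path"
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")

def code_regions(maps_text):
    """Yield (start, end, perms, file_offset, path) for each executable mapping."""
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m and "x" in m.group(3):
            yield (int(m.group(1), 16), int(m.group(2), 16), m.group(3),
                   int(m.group(4), 16), m.group(5))

def fingerprint(maps_text, read_mem):
    """Return ({(path, file_offset): sha256 hex}, [writable+executable regions])."""
    digests, writable = {}, []
    for start, end, perms, offset, path in code_regions(maps_text):
        if "w" in perms:  # code that can still be written after load
            writable.append((path, hex(start)))
        data = read_mem(start, end - start)
        # Keyed by file and offset, not address, so ASLR does not change the key.
        digests[(path, offset)] = hashlib.sha256(data).hexdigest()
    return digests, writable

def changed(baseline, current):
    """Keys whose digest is new or differs from the baseline."""
    return sorted(k for k, v in current.items() if baseline.get(k) != v)

def proc_reader(pid):
    """Memory reader for a live Linux process; needs ptrace-level access to pid."""
    def read_mem(addr, size):
        with open(f"/proc/{pid}/mem", "rb") as f:
            f.seek(addr)
            return f.read(size)
    return read_mem

# Constructed sample: one code mapping and one data mapping of a made-up binary.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00601000-00602000 rw-p 00001000 08:01 1234 /usr/bin/demo
"""

if __name__ == "__main__":
    image = bytearray(b"\x90" * 0x1000)            # constructed "code" page
    reader = lambda a, n: bytes(image[a - 0x400000:a - 0x400000 + n])
    baseline, wx = fingerprint(SAMPLE_MAPS, reader)
    image[0x10] = 0xCC                             # simulate an in-memory patch
    current, _ = fingerprint(SAMPLE_MAPS, reader)
    print("W+X regions:", wx, "modified:", changed(baseline, current))
```

Against a live process, pass the contents of `/proc/<pid>/maps` and `proc_reader(pid)` to `fingerprint`; hashing every mapping of every process on each interval is the performance cost the message points at.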

