Message-ID: <1078471340.1706.34.camel@limit.tm.in>
From: balwinder at gmx.net (Balwinder Singh)
Subject: EFC Released

> Seems very interesting, but how does it affect performance/stability of the system/kernel?

EFC was quite stable when testing was made on hack us box (around 8 months back). But this is a major rewrite of the original code, hence more testing needs to be done. As EFC is going to add one more layer, performance will suffer; benchmarking will reveal the exact performance loss, which is yet to be done.

EFC Components
--------------
1. Generate and enforce behavior model of a program.
2. Hook with pam lib to let kernel know when each authentication takes place. Supposed to be useful for sshd, ftpd like programs.
3. Define some critical calls which must require authentication from kernel, e.g. open(/etc/shadow) request by program other than sshd.
4. Define general rule set which might help performance gain. Also might help in case where behavior model will miss a particular call, such as exception/error handling which might occur occasionally.

As we are far away from a perfect model (and I don't see it happening unless govt enforces), there will always be some false positives. You can edit the behavior model by hand and add entries in general rules to keep false positives at a minimum.

regards
bal
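The four components listed in the message above, sketched as a small user-space monitor. This is an added example, not EFC code or the author's: the model format (allowed system-call transitions per program), the reading of component 3 as "a critical call needs a prior PAM-reported authentication", and all names and traces are assumptions constructed for illustration.

```python
# Added illustration, not EFC code. The model format (allowed syscall
# transitions per program) and every name below are assumptions.
from dataclasses import dataclass, field

CRITICAL = {("open", "/etc/shadow")}   # component 3: needs authentication
GENERAL_RULES = {"write", "exit"}      # component 4: allowed for any program

@dataclass
class Monitor:
    model: dict = field(default_factory=dict)        # program -> {(prev, call)}
    authenticated: set = field(default_factory=set)  # pids reported by PAM hook
    last: dict = field(default_factory=dict)         # pid -> previous call

    def learn(self, program, trace):
        """Component 1 (generate): record transitions seen in a clean run."""
        allowed = self.model.setdefault(program, set())
        prev = "START"
        for call, _arg in trace:
            allowed.add((prev, call))
            prev = call

    def pam_authenticated(self, pid):
        """Component 2: the PAM hook reports a successful authentication."""
        self.authenticated.add(pid)

    def check(self, program, pid, call, arg=""):
        """Component 1 (enforce) combined with components 3 and 4."""
        prev = self.last.get(pid, "START")
        if (call, arg) in CRITICAL and pid not in self.authenticated:
            return "deny: critical call without authentication"
        if (prev, call) in self.model.get(program, set()):
            self.last[pid] = call
            return "allow: behavior model"
        if call in GENERAL_RULES:  # position in the model is left unchanged
            return "allow: general rule"
        return "deny: not in behavior model"

def demo():
    """Run constructed traces for hypothetical sshd and ftpd processes."""
    m = Monitor()
    m.learn("sshd", [("read", ""), ("open", "/etc/shadow"), ("close", "")])
    m.learn("ftpd", [("read", ""), ("open", "/srv/ftp/file"), ("close", "")])
    m.pam_authenticated(100)  # pid 100 is the sshd process
    return [
        m.check("sshd", 100, "read"),
        m.check("sshd", 100, "open", "/etc/shadow"),
        m.check("ftpd", 200, "open", "/etc/shadow"),
        m.check("ftpd", 200, "write"),  # e.g. an error path the model missed
        m.check("ftpd", 200, "execve", "/bin/sh"),
    ]
```

The general-rule hit on `write` is the false-positive relief the message describes: the call was never seen in training, yet it is allowed without widening the per-program model.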