Re: Fw: Re[2]: FW: Linux server as it own firewall

From: Seth Arnold (sarnold@wirex.com)
Date: 09/18/01


Date: Mon, 17 Sep 2001 18:22:20 -0700
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com
Subject: Re: Fw: Re[2]: FW: Linux server as it own firewall
Message-ID: <20010917182220.H30987@wirex.com>

On Mon, Sep 17, 2001 at 02:51:11PM -0700, Charles A. Clinton wrote:
> Or, if you were building a small, custom kernel and images: pseudo-randomize
> the syscall numbers into a range above ~300, and trap anything below that.

Not a bad idea; however, rather than writing assembly with the syscalls
directly, attackers could simply hit the __mount, __execve, et al.
wrapper functions exported from glibc to accomplish the same tasks -- in
a fashion probably more portable than hitting syscalls.

Thanks to Steve at WireX for pointing this out to me.. :)