SELinux Mailing List

Re: grsecurity / LSM issue

From: Douglas Williams <douglaswilliams_at_sympatico.ca>
Date: Mon, 15 Mar 2004 22:38:31 -0500


So there is no evidence? Has anyone set up a box that everyone can try to crack? I recall in the past that Microsoft challenged everyone to find vulnerabilities in one of their servers. :-)

----- Original Message -----
From: "Russell Coker" <russell@coker.com.au>
To: "Bill McCarty" <bmccarty@pt-net.net>
Cc: <selinux@tycho.nsa.gov>
Sent: Sunday, March 14, 2004 12:07 AM
Subject: Re: grsecurity / LSM issue

> On Sat, 13 Mar 2004 04:45, Bill McCarty <bmccarty@pt-net.net> wrote:
> > <jtl2nospamMUNGIEjump@hotmail.com> wrote:
> > > Would it be possible to make a snapshot clone of the disk and make that
> > > available to people experienced with forensics? I was thinking of the
> > > honeypot/net project folks and the competition to analyse a rooted system
> > > a few years back.
> >
> > I'm the director of a Honeynet Alliance project and work with the Honeynet
> > Project, having been the lead on Scan of the Month #27. If Russell wants to
> > pursue the possibility of using his data as the basis for a Honeynet
> > Project Forensic Challenge, I'd be happy to make the proper introductions.
> > Seeing his SELinux machine as a honeypot might be pushing the envelope a
> > bit; but doing so makes sense to me.
>
> As I mentioned in a previous message, I am not convinced that there was a
> crack of the machine. It was claimed that stealth cracked it, but stealth
> denies having done that or anything remotely similar. It was claimed that
> the machine was cracked some months ago, if so the attacker would have had to
> maintain their root-kit past upgrades of SE Linux policy, kernel, and OS
> packages. It is possible that the machine was cracked and then the attacker
> left it without causing any harm.
>
> I would be happy to give you a copy of the file system, if you are interested
> then please contact me off-list.
>
> --
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

Received on Mon 15 Mar 2004 - 22:38:28 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service