Re: SNARE and Ptrace?

Arjan van de Ven (arjanv@redhat.com)
24 Mar 2003 23:29:48 +0100


On Mon, 2003-03-24 at 23:20, Robert L. Harris wrote:
> Has anyone tested to see if "Snare" from intersectalliance.com can
> detect someone executing a ptrace attack? An old company I used to work
> for has a number of production kernels out and can't just upgrade them
> all overnight so they need a good detection method and short-term fix
> if possible. In the past we had evaluated Snare which I pointed him to
> but we're not sure if/how it might detect such an attack.

I audited SNARE several months ago, and back then it was trivial to even
get a basic rm /etc/passwd done unaudited... the design back then was
just not tight. I've heard the SNARE guys have been working hard to
improve that but I've not had time to look at the new code.
