SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Goal / Danger: Attack by malicious root This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Andi Kleen <ak_at_suse.de> Date: Mon, 15 Jan 2001 17:52:31 +0100 On Mon, Jan 15, 2001 at 11:22:53AM -0500, Bennett Todd wrote: > Now _if_ you had a situation where the machine was sufficiently > thoroughly physically secured, and the software running on it > sufficiently tightly configured, that you were confident that the OS > wasn't tampered with, then the problem would reduce to a real oldie, > the trusted path. The typical fix for that is to have the OS > directly support a special hot-key combo that is absolutely > guaranteed to terminate all processes associated with that console, > and start a new login process, guaranteed to come from the real OS > and not any trojan left running by the last person on that console. > That would be easy to add to selinux. In fact, I thought I'd > remembered seeing something along those lines, but when I just > checked the todo.html I didn't find 'em, maybe my brain is playing > nasty tricks on me. Linux already has a secure attention key, you just have to enable it. Unfortunately it doesn't do very good, because when the X server is unexpectedly killed it often leaves the graphic card in unusable state. >From a network login you can also just open a new ssh/telnet etc. -Andi -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Mon 15 Jan 2001 - 11:58:59 EST This message: [ Message body ] Next message: Preston L. Bannister: "RE: Goal / Danger: Attack by malicious root" Previous message: Bennett Todd: "Re: Goal / Danger: Attack by malicious root" In reply to: Bennett Todd: "Re: Goal / Danger: Attack by malicious root" Next in thread: Preston L. Bannister: "RE: Goal / Danger: Attack by malicious root" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom