On Tuesday, 2006-09-26 at 00:03:30 -0700, Debian Bug Tracking System wrote:
> Their explanation is attached below. If this explanation is
> unsatisfactory and you have not received a better one in a separate
> message then please contact Manoj Srivastava <[EMAIL PROTECTED]> by replying
> to this email.

> The obviously right thing to do here is to fix a naively
> simple rootkit checker. Doing security by file names is seriously
> broken.

The right thing to do is not to use paths that are known to be used by
malware. Deliberately triggering rootkit scanners is B.A.D.

You are confusing security measures with detection. Running a rootkit
scanner is a means of intrusion detection. It should detect any sign of
suspicious activity. This does not provide any security for the system
because it will only trigger too late. Securing a system means trying
to prevent intruders from entering, or if they do enter, from tampering
with the system. A rootkit scanner cannot do that.

Try not to make intrusion detection harder than necessary. chkrootkit
can be updated to test for a flex executable and *assume* that the
library in question belongs to it. But it would also test for the
version of the flex binary and incorporate knowledge about the versions
of flex and their library paths.

Don't you think it would be easier and more robust not to use such a
path at all?

Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |

