search

ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes
0 stars 0 forks source link

prevent rogue monitors #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
daemon should have a checksum of monitors it is going to exec in the 
chroot-environment.  It is upto the monitors to validate each file it uses with 
checksum.  Each monitor may have to do this since the daemon will only take 
care of the entry point of the monitors,
ravi.

Original issue reported on code.google.com by ravt...@gmail.com on 15 Oct 2012 at 2:47

GoogleCodeExporter commented 8 years ago 
Monitor should take checksum of each monitor it execs.  Compare it with the 
compiled version.  Then it is up to the monitors to do that in turn to prevent 
rogue monitors entering into the system,
ravi.

Original comment by ravt...@gmail.com on 15 Oct 2012 at 3:21

GoogleCodeExporter commented 8 years ago 
Checking the checksum of the executables, using absolute pathnames etc. are all 
responsibility of the monitor since the daemon only calls a C function, 
configured at compile time of the monitor.  Already socketmon is doing that.  
use that as an example,
ravi.

Original comment by ravt...@gmail.com on 27 Oct 2012 at 11:47

GoogleCodeExporter commented 8 years ago 
Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24