Sebek2 - A Kernel-based Data Capture Tool

← Back to Stories (view on slashdot.org)

Sebek2 - A Kernel-based Data Capture Tool

Posted by michael on Saturday September 27, 2003 @08:52AM from the i-spy-with-my-little-eye dept.

LogError writes "Sebek is a piece of code the lives entirely in kernel space and records either some or all data accessed by users on the system. This paper is a detailed discussion of Sebek, how it works and its value."

3 of 74 comments (clear)

Min score:

Reason:

Sort:

Sigh by borius · 2003-09-27 08:53 · Score: 0, Offtopic

Great, now we can have goatse.cx links in kernel panic messages...
After 20+ years of buffer overflow exploits... by Julianna · 2003-09-27 12:08 · Score: 0, Offtopic

...you'd think that developers would finally know how to write software that doesn't have such vulnerabilities.
But unfortunately we don't seem to have made that much progress, despite the reasonably large number of development tools we have that address such issues (including anything from memory debuggers to string libraries). I mean, really ... people are still writing these things in C ... in the 21st century! I'm a big fan of picking the right tool for the job, but I think it should be clear by now that C isn't the right tool for writing secure software. There are simply too many ways to screw up.
I think it's time we started writing system software (that is, software which provides services but which runs as a process under the OS) in a language which doesn't have these problems. And if a suitable language is unavailable, that argues strongly for creating that language.
You might still have to worry about buffer overflow exploits against the kernel, but that's a much more manageable problem.
Re:Great tool in the right hands by Alien+Being · 2003-09-27 20:13 · Score: 0, Offtopic

That's pathetic. Neo-nazis are so passe. Why don't you try being a hun for a while?