|
Plash v1.16 (Tools for practical least privilege)
|
|
Hits: 2 |
|
Date added: 10/22/2006 |
|
Plash is a system for sandboxing GNU/Linux programs. Plash's aim is to protect you from the programs you run by letting you run them with the minimum authority and privileges they need to do their job -- this is the Principle of Least Authority (POLA). Plash can run programs in a secure, restricted execution environment with access to a limited subset of your files. |
|
|
|
|
Sysmask v1.02
|
|
Hits: 2 |
|
Date added: 03/09/2007 |
|
Sysmask is a security solution designed for Linux systems. It can protect
system integrity against vulnerabilities in the great majority of code,
whether known or unknown, patched or unpatched, in user programs,
libraries or the kernel.
Sysmask can be configured to restrict the access of a process or a user to
system resources: files, sockets, devices, system calls, disk space, memory
usage. The restriction policy can be defined with great precision, sometimes
contextual. Processes with tightly restricted access rights may continue to
do their normal work as before, but if they are compromised, the malicious
code that gets run will be unable to harm the system except for the job that
is assigned to the compromised process.
A fully deployed sysmask can protect the system against any vulnerability
except those in a small portion of the kernel, which is historically very
solid, plus those in the sysmask package itself.
With respect to other security solutions, several novel features have been
introduced in sysmask.
1. It offers protection against most kernel vulnerabilities that occur or
will occur in practice, by allowing selective closure of unused system
calls and activities for untrusted processes or users.
2. Using configuration definitions with a simple user-friendly syntax,
interactive security reactions can be defined in various ways, leading to
flexible and highly customizable security schemes without the need to
recompile existing software or even to modify its configuration.
Custom interactive reactions greatly enhance the security level, as the
system behavior becomes unpredictable to outside attackers with no knowledge
of these reactions.
3. It can protect against both system level risks (unauthorized accesses
etc.) and user level risks (viruses etc.), and includes efficient resource
consumption limitations that overcome the shortcomings of traditional rlimit
setups.
4. It supports runtime reconfiguration with a menu-based user interface that
accepts feedback configuration.
Sysmask introduces only minimal or negligible performance overhead, except
for a few programs under special conditions and requiring highly selective
protection.
The sysmask package is also very simple and compact, with its critical
parts independent of outside code (libraries), minimizing the probability
of bugs contained in the package itself.
Sysmask allows you to radically reduce the need to update your system
components for security reasons, because you can now live with
vulnerabilities without being hurt. Traditional anti-virus scanners are no
longer needed, let alone the need to update them, because sysmask can
prevent any virus from being installed. |
|
|
|
|
Streams
|
|
Hits: 3 |
|
Date added: 03/01/2005 |
|
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file's main unnamed data stream, but by using the syntax 'file:stream', you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on an NTFS drive from within a command prompt. Next, type 'echo hello > test:stream'. You've just created a stream named 'stream' that is associated with the file 'test'. Note that when you look at the size of test it is reported as 0, and the file looks empty when opened in any text editor. To see your stream, enter 'more < test:stream' (the type command doesn't accept stream syntax, so you have to use more).
NT does not come with any tools that let you see which NTFS files have streams associated with them, so I've written one myself. Streams will examine the files and directories (note that directories can also have alternate data streams) you specify and inform you of the name and sizes of any named streams it encounters within those files. Streams makes use of an undocumented native function for retrieving file stream information. Full source code is included.
Usage: streams [-s] [-d] <file or directory>
-s Recurse subdirectories.
-d Delete streams.
Streams takes wildcards e.g. 'streams *.txt'. |
|
|
|
|
PendMoves
|
|
Hits: 3 |
|
Date added: 03/01/2005 |
|
Several kinds of applications, such as service packs and hotfixes, must replace a file that is in use and are unable to. Windows therefore provides the MoveFileEx API to rename or delete a file, allowing the caller to specify that the operation should take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.
This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is not accessible. |
|
|
|
|
DiskExt
|
|
Hits: 3 |
|
Date added: 03/01/2005 |
|
DiskExt demonstrates the use of the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS command that returns information about what disks the partitions of a volume are located on (multipartition disks can reside on multiple disks) and where on the disk the partitions are located. |
|
|
|