Re: Kernel-loadable Root Kits

From: Laurent Fabre (fabre@matranet.com)
Date: 10/05/01


Date: Fri, 05 Oct 2001 11:44:40 +0200
From: Laurent Fabre <fabre@matranet.com>
To: Rasputin <rasputin@submonkey.net>

Rasputin wrote:
> * Eli Dart <dart@nersc.gov> [011004 19:30]:
>
>>In reply to "Crist J. Clark" <cristjc@earthlink.net> :
>>
>>[snip]
>>
>>
>>>Have fun. Unless there is outpouring from people who love the idea,
>>>I'm not going to commit these to FreeBSD.
>>>
>>Please consider this as part of an outpouring of support from people
>>who love the idea.
>>
>
> "me too".
>
> Isn't this fairly common among the other BSDs as well?
>
> An alternative to securelevel is sometimes useful,
> and KLDs are a fairly well-known attack method against *BSD.
>
> I don't see any harm in adding it as an option - it's doesn't have to
> (definitely shouldn't be) the default, of course.
>
>
>>I don't always have the option of running a box
>>in securelevel 1, and I would like to have this knob available, even
>>though it doesn't fix the problem all the way. Something similar
>>used to exist in FreeBSD 3.x -- I was sorry when it went away.
>>
>> --eli
>>
>
> --
> Rasputin :: Jack of All Trades - Master of Nuns ::
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

please do commit it :)

-- 
#--------------------------------------------#
#              Laurent Fabre                 #
#            fabre@matranet.com              #      /\    ASCII ribbon
#          EADS, Matranet Product Group      #      \/      campaign
#                                            #      /\	    against
# "foreach if-diff,                          #     /  \    HTML email
#  you need to re-make world...."            #
#--------------------------------------------#
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • Re: Kernel-loadable Root Kits
    ... Unless there is outpouring from people who love the idea, ... Isn't this fairly common among the other BSDs as well? ... An alternative to securelevel is sometimes useful, ... > used to exist in FreeBSD 3.x -- I was sorry when it went away. ...
    (FreeBSD-Security)
  • cvs-src summary for November 22-29
    ... It is intended to help the FreeBSD community keep up with the fast-paced ... You can get old summaries, and an HTML version of this one, at ... objectors to any commit. ... Important bug fixes ...
    (freebsd-current)
  • cvs-src summary for September 28 - October 4
    ... It is intended to help the FreeBSD community keep up with the fast-paced ... You can get old summaries, and an HTML version of this one, at ... on diverted status -- that is, whether they came from a divert socket ... Dag-Erling Smorgrav made a commit to rm, ...
    (freebsd-current)
  • Re: Fast releases demand binary updates.. (Was: Release schedule for 2006)
    ... > stop talking about core... ... about the FreeBSD project. ... > As for the whole installation thing, you need to talk with re (release ... > they'll commit any budget to it... ...
    (freebsd-stable)
  • Re: Cant add new 1TB disk in FreeBSD 6.1
    ... LBA addressing. ... The first incident, according to CVS commit logs, was adding ... FreeBSD 6.1 should have this. ... Oct 4 04:07:30 kermit kernel: The Regents of the University of California. ...
    (freebsd-questions)