Date: Wed, 27 May 1998 10:45:10 -0700 From: Mike Smith <mike@smith.net.au> To: freebsd-security@FreeBSD.ORG Subject: Re: Virus on FreeBSD Message-ID: <199805271745.KAA00931@dingo.cdrom.com> In-Reply-To: Your message of "Wed, 27 May 1998 12:04:51 EDT." <199805271604.MAA22991@brain.zeus.leitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Here we have possibly a dozen people who might build their own kernel, > and some of those same people are also authorized to do maintenance work > (such as building new kernels) on production machines. If any of those > kernels that contain LKM support get from a desktop machine to a > production machine, then I'd like to have some way to detect this. In > other environments where the number of such authorized people may be at > least an order of magnitude larger, then such simple verification > measures can be of real value. The advantages of being able to give > people responsibilities and the freedom to carry out those > responsibilties, while at the same time not having to manually look over > their shoulders 100% of the time, are great. > > On the other hand I don't hold a whole lot of hope that I can easily > implement a tool that will be able to detect code signatures or > patterns, even for a given processor family such as those FreeBSD runs > on. Depending on the circumstances, 'options INCLUDE_CONFIG_FILE' may be enough of a requirement for you to be happy. -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805271745.KAA00931>