From owner-freebsd-stable  Mon Sep  6 11:27: 1 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from out1.mx.skynet.be (out1.mx.skynet.be [195.238.2.36])
	by hub.freebsd.org (Postfix) with ESMTP
	id 66B5715D33; Mon,  6 Sep 1999 11:26:55 -0700 (PDT)
	(envelope-from blk@skynet.be)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
	by out1.mx.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id UAA06650;
	Mon, 6 Sep 1999 20:34:30 +0200 (MET DST)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id: <v04205531b3f9b409c3d7@[195.238.1.121]>
In-Reply-To: <199909061741.KAA19927@dingo.cdrom.com>
References: <199909061741.KAA19927@dingo.cdrom.com>
Date: Mon, 6 Sep 1999 20:13:08 +0200
To: Mike Smith <mike@smith.net.au>
From: Brad Knowles <blk@skynet.be>
Subject: Re: softupdates in latest build?
Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 10:41 AM -0700 1999/9/6, Mike Smith wrote:

>                   By the time an attacker has enough access rights on
> your system to make use of the packet filter, they have enough access
> rights to add it if it's not there.

	That's certainly true.  However, if this feature is disabled by 
default, this throws just one more roadblock in front of some script 
kiddie that might want to break into your system.

	It won't stop a determined cracker (nothing will), and it won't 
stop someone with half an ounce of intelligence (they can just 
rebuild the kernel), but if you at least turn this off by default 
then they're forced to rebuild the kernel in order to enable this 
feature, and that would require a reboot.  That might just make the 
system that much more noticable if someone tries to crack into it and 
install a password sniffer, and that much less easy to compromise 
security at that site.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message