Date: Wed, 11 Dec 1996 18:08:11 -0800
From: David Greenman <dg@root.com>
To: jc@irbs.com (John Capo)
Cc: freebsd-security@freebsd.org
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
Message-ID: <199612120208.SAA12992@root.com>
In-Reply-To: Your message of "Wed, 11 Dec 1996 12:12:06 EST." <Mutt.19961211121206.jc@irbs.com>

>Quoting David Greenman (dg@root.com):
>>
>> I made the mistake of putting bpf in freefall's kernel a long time ago and
>> forgot it was in there. Someone eventually took advantage of that and used it
>> to sniff passwords at Walnut Creek CDROM. This led to a serious break-in on
>> wcarchive. Needless to say, bpf is no longer in freefall's kernel. It was
>
>Are you saying that there is a way for a normal user to use bpf
>when permissions should prevent access?

No, I'm saying that after he exploited a security hole and gained root that
he then used bpf to sniff passwords. Adding bpf to the kernel and rebooting
the machine would *definitely* have been noticed.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project