Date: Thu, 12 Dec 1996 09:58:36 -0500
From: Garrett Wollman <wollman@lcs.mit.edu>
To: Stephen Fisher <lithium@cia-g.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
Message-ID: <9612121458.AA24275@halloran-eldar.lcs.mit.edu>
In-Reply-To: <Pine.BSI.3.95.961212073226.2381E-100000@maslow.cia-g.com>
References: <199612110432.UAA10905@root.com> <Pine.BSI.3.95.961212073226.2381E-100000@maslow.cia-g.com>
<<On Thu, 12 Dec 1996 07:32:56 -0700 (MST), Stephen Fisher <lithium@cia-g.com> said:

> Can't the hacker just recompile the kernel with bpf support and then use
> it, though?

Not if you run at security level 2, make all the files in /bin, /sbin,
/usr/bin, and /usr/sbin, and some of the files in /etc and / system
immutable, and make all those directories plus / and /dev system
append-only.

If you're running a public-access shell system, you most certainly
should do just that. (It's a big hassle for ordinary users, which is
why we don't ship systems that way.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
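
An added example, not part of the original message or of FreeBSD itself: a /bin/sh audit of the layout described above (security level 2, the system-immutable flag `schg` on files in the four binary directories, the system append-only flag `sappnd` on those directories plus / and /dev). It assumes FreeBSD's stat(1), where `-f '%Sf %N'` prints a file's flags followed by its name; the function names and the `--audit` switch are hypothetical.

```sh
#!/bin/sh
# Added example: audit for the layout described in the message above.
# Assumption: FreeBSD stat(1), where -f '%Sf %N' prints the file flags
# (for instance "schg,uarch", or "-" for none) followed by the file name.

BIN_DIRS="/bin /sbin /usr/bin /usr/sbin"
APPEND_DIRS="/ /dev $BIN_DIRS"

# Read "flags name" lines on stdin; print the names that lack flag $1.
missing_flag() {
    want=$1
    while read -r flags name; do
        case ",$flags," in
            *",$want,"*) ;;                 # flag present, nothing to report
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Succeed only if the given kern.securelevel value is 2 or higher.
securelevel_ok() {
    case $1 in
        ''|*[!0-9-]*) return 1 ;;           # empty or non-numeric: treat as failing
    esac
    [ "$1" -ge 2 ]
}

# The real audit needs a FreeBSD host, so it only runs when asked for.
if [ "${1:-}" = "--audit" ]; then
    rc=0
    securelevel_ok "$(sysctl -n kern.securelevel)" || { echo "securelevel below 2"; rc=1; }
    for d in $BIN_DIRS; do
        out=$(find "$d" -maxdepth 1 -type f -exec stat -f '%Sf %N' {} + | missing_flag schg)
        [ -z "$out" ] || { echo "not schg:"; echo "$out"; rc=1; }
    done
    out=$(stat -f '%Sf %N' $APPEND_DIRS | missing_flag sappnd)
    [ -z "$out" ] || { echo "not sappnd:"; echo "$out"; rc=1; }
    exit "$rc"
else
    # Constructed sample in the same "flags name" shape, to try the filter off-box.
    printf 'schg /bin/ls\n- /bin/cat\nschg,uarch /bin/sh\n' | missing_flag schg
fi
```

Run with `--audit` on the host being checked; a non-zero exit means at least one of the three conditions does not hold.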