From owner-freebsd-security Thu Dec 12 14:27:17 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA12301 for security-outgoing; Thu, 12 Dec 1996 14:27:17 -0800 (PST) Received: from ns2.harborcom.net (root@ns2.harborcom.net [206.158.4.4]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA12296 for ; Thu, 12 Dec 1996 14:27:13 -0800 (PST) Received: from swoosh.dunn.org (swoosh.dunn.org [206.158.7.243]) by ns2.harborcom.net (8.8.3/8.8.3) with SMTP id RAA17340; Thu, 12 Dec 1996 17:27:04 -0500 (EST) Date: Thu, 12 Dec 1996 17:23:10 -0500 () From: Bradley Dunn To: Garrett Wollman cc: freebsd-security@freebsd.org Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system) In-Reply-To: <9612121458.AA24275@halloran-eldar.lcs.mit.edu> Message-ID: X-X-Sender: bradley@harborcom.net MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 12 Dec 1996, Garrett Wollman wrote: > Not if you run at security level 2, make all the files in /bin, /sbin, You mean level 1, right? At level 2 it would be difficult to explain to users why they can't upload their web pages. :-) > /usr/bin, and /usr/sbin, and some of the files in /etc and / system > immutable, and make all those directories plus / and /dev system > append-only. If you're running a public-access shell system, you most > certainly should do just that. (It's a big hassle for ordinary users, > which is why we don't ship systems that way.) -BD