From owner-freebsd-security Wed Jul 11 0:48:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id 57F2037B401 for ; Wed, 11 Jul 2001 00:48:24 -0700 (PDT) (envelope-from tedm@toybox.placo.com) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f6B7lHl58306; Wed, 11 Jul 2001 00:47:18 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Matt Dillon" , "Alfred Perlstein" Cc: "Robert E. Lee" , "Dag-Erling Smorgrav" , , Subject: RE: Kernel Panic Date: Wed, 11 Jul 2001 00:47:17 -0700 Message-ID: <000001c109dd$b5342380$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 In-Reply-To: <200107110605.f6B657X24415@earth.backplane.com> Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >-----Original Message----- >From: Matt Dillon [mailto:dillon@earth.backplane.com] >Sent: Tuesday, July 10, 2001 11:05 PM >To: Alfred Perlstein >Cc: Robert E. Lee; Dag-Erling Smorgrav; Ted Mittelstaedt; >js43064n@pace.edu; freebsd-security@FreeBSD.ORG >Subject: Re: Kernel Panic > > > >:* Robert E. Lee [010710 22:54] wrote: >:> On 24 Jun 2001, Dag-Erling Smorgrav wrote: >:> > "Ted Mittelstaedt" writes: >:> > A disk error would not crash the system. Please stop spouting >:> > unfounded (though highly imaginative) bullshit. >:> Matt - I'm rather pissed off to see this because I didn't say that and your cutting and pasting makes it look like I did. If you go back to the original mail in question you will find that Dag-Erling Smorgrav (des@ofug.org) is the one that wrote that. I in fact responded and said: "I didn't say "disk error" I said "disk system" and I made a particular point in the first message of saying that such an error is most likely due to a combination of problems with the motherboard and disk. And YES, a disk subsystem error CAN crash the system in fact not only crash it but completely garbage the filesystem in the process." Please be more careful quoting in the future. As far as the rest of your message I agree with it completely, as you say the fix is proper system admining, not a bunch of additional code that may or may not work the way you think you want it to. After all shell access on a production multiuser system with a lot of users depending on it is a privilege, not a right these days. While building a shell script that will crash the system is an interesting academic exercise, I hardly think that it's really applicable to 99% of the sites out there. Such code may have applicability in the "college campus" situation where you have a lot of hostile users, but as I keep pointing out to the academics that build these security contraptions, In The Real World most administrators find that the threat of criminal prosecution is far more effective at deterring this kind of greasy kids stuff on corporate networks than an elaborate security system. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message