Message-Id: <199909172208.QAA05554@harmony.village.org>
To: Brett Glass
Subject: Re: BPF on in 3.3-RC GENERIC kernel
Cc: Liam Slusser, Kenny Drobnack, "Harry M. Leitzell", security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 17 Sep 1999 16:05:57 MDT." <4.2.0.58.19990917160519.047cc890@localhost>
References: <4.2.0.58.19990917160519.047cc890@localhost> <4.2.0.58.19990916185341.00aaf100@localhost>
Date: Fri, 17 Sep 1999 16:08:18 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG

In message <4.2.0.58.19990917160519.047cc890@localhost> Brett Glass writes:
: At 02:04 PM 9/17/99 -0600, Warner Losh wrote:
:
: > As it is, it takes a hell of a lot of work to keep root
: > from running completely arbitrary commands on boot.
:
: Sounds like a job for an automatic utility!

Yes. Automation would help. Today you almost have to do

	chflags schg /usr/{s,}bin/* /{s,}bin/* /usr/libexec/* /etc/* /usr/lib/*

to get started, but even that leaves a few holes...

I'd love to see an intelligent automation tool and would happily review it. Sadly, I don't have the time to write and maintain said tool.

Warner
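As an added example (not part of the original message and not FreeBSD project code), one way to audit the result of the chflags command above: the script reads FreeBSD `ls -lod` output and lists every entry that still lacks `schg`, marking directories and symlinks because the glob does not descend into them. The flags-in-field-5 layout and the names `missing_schg`, `securelevel_ok` and `scan` are assumptions of this sketch; the `{s,}` braces are written out because POSIX sh does not expand them.

```shell
#!/bin/sh
# Added example: report entries that lack the schg (system immutable) flag.
# Assumes FreeBSD `ls -lod` lines: mode links owner group FLAGS size date(3) path

# The globs from the chflags command in the message, braces expanded.
SCHG_GLOBS='/usr/sbin/* /usr/bin/* /sbin/* /bin/* /usr/libexec/* /etc/* /usr/lib/*'

# missing_schg: read `ls -lod` lines on stdin and print "TYPE PATH" for each
# entry whose flags field does not include schg. TYPE is file, dir or link.
# Runs of spaces inside a file name are collapsed to one space.
missing_schg() {
    awk '
    NF >= 10 {
        n = split($5, flags, ",")          # flags are comma separated, "-" if none
        immutable = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") immutable = 1
        if (immutable) next
        kind = "file"
        c = substr($1, 1, 1)
        if (c == "d") kind = "dir"         # contents are not covered by the glob
        else if (c == "l") kind = "link"   # flags shown are those of the link itself
        path = $10
        for (i = 11; i <= NF; i++) {
            if ($i == "->") break          # drop the symlink target
            path = path " " $i
        }
        print kind, path
    }'
}

# securelevel_ok: schg only binds root once kern.securelevel is 1 or higher.
securelevel_ok() {
    [ "$1" -ge 1 ]
}

# scan: run the audit on a live FreeBSD system.
scan() {
    level=$(sysctl -n kern.securelevel) || return 2
    securelevel_ok "$level" || echo "WARN securelevel=$level: root can clear schg"
    # SCHG_GLOBS is left unquoted on purpose so the shell expands the globs.
    ls -lod $SCHG_GLOBS 2>/dev/null | missing_schg
}

if [ "${1:-}" = "--scan" ]; then
    scan
fi
```

Run with `--scan` on the FreeBSD host being checked; an empty listing with no WARN line means every top-level entry carries `schg` and the securelevel prevents root from clearing it.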