From owner-freebsd-security  Sat Sep 18  0: 0:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
	by hub.freebsd.org (Postfix) with ESMTP id D3FC715867
	for <security@freebsd.org>; Sat, 18 Sep 1999 00:00:28 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from [204.68.178.39] (helo=softweyr.com)
	by mail.xmission.com with esmtp (Exim 2.12 #2)
	id 11SETv-0004RS-00; Sat, 18 Sep 1999 01:00:23 -0600
Message-ID: <37E33885.B2B42D8C@softweyr.com>
Date: Sat, 18 Sep 1999 01:00:21 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Warner Losh <imp@village.org>
Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
References: <37E32365.B9F9573B@softweyr.com>  <4.2.0.58.19990917201820.046f09e0@localhost> <4.2.0.58.19990917160519.047cc890@localhost> <Your message of "Thu, 16 Sep 1999 18:54:24 MDT." <4.2.0.58.19990916185341.00aaf100@localhost> <4.2.0.58.19990916185341.00aaf100@localhost> <Pine.GSO.3.96.990916150427.5757E-100000@mission.mvnc.edu> <199909172208.QAA05554@harmony.village.org> <199909180244.UAA07013@harmony.village.org> <199909180612.AAA00597@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh wrote:
> 
> In message <37E32365.B9F9573B@softweyr.com> Wes Peters writes:
> : Worked for me.  A well-written, accurate analogy too.
> 
> I'll have to try again later...  I'd be very interested in this.  I
> personally think that schg is useful against accidental mistakes, but
> flawed in implementation.

Agreed.  It's a good tool, but isn't going to stop somebody who's both
clever and dedicated.  A similar facility in VMS didn't stop Kevin 
Mittnick from stealing the VMS source code from my ex-boss.  ;^)

> Although some of that may be due to inperfections in /etc/rc and
> friends.

I think a lot of the system startup just happened, rather than being 
designed from a security standpoint.  I'm attempting to land myself a
job where I would be paid to fix this, among other things.  I'll let 
you all know if/when it happens.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
http://softweyr.com/                                           wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message