From owner-freebsd-security Sat Sep 18 18:15:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 2260014E8C for ; Sat, 18 Sep 1999 18:15:48 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 2.12 #2) id 11SVZy-0006Bg-00; Sat, 18 Sep 1999 19:15:46 -0600 Message-ID: <37E43940.175437CB@softweyr.com> Date: Sat, 18 Sep 1999 19:15:44 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: "Rodney W. Grimes" Cc: Warner Losh , Brett Glass , security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel References: <199909180711.AAA50768@gndrsh.dnsmgr.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Rodney W. Grimes" wrote: > > > Warner Losh wrote: > > > > > > In message <37E32365.B9F9573B@softweyr.com> Wes Peters writes: > > > : Worked for me. A well-written, accurate analogy too. > > > > > > I'll have to try again later... I'd be very interested in this. I > > > personally think that schg is useful against accidental mistakes, but > > > flawed in implementation. > > > > Agreed. It's a good tool, but isn't going to stop somebody who's both > > clever and dedicated. A similar facility in VMS didn't stop Kevin > > Mittnick from stealing the VMS source code from my ex-boss. ;^) > > But SYS$AUDIT would have at least let him know it was stolen :-). And > perhaps alerted him before Kevin got out the door with the tape. It did, and he got it over a dial-up line, after making an end-run around one of the company's security tools that was poorly installed. Duh. > > > Although some of that may be due to inperfections in /etc/rc and > > > friends. > > > > I think a lot of the system startup just happened, rather than being > > designed from a security standpoint. I'm attempting to land myself a > > job where I would be paid to fix this, among other things. I'll let > > you all know if/when it happens. > > 99% of most OS's ``just happen'' without concern for secuirity. And > good luck on that new work load your digging yourself in for!! Yes, security usually happens as an afterthought. Even VMS, which did have good security mechanisms, was delivered out of the box with several stupidities, and most installations added several more. At least we're smart enough to make the user pick a root password on installation. ;^) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://softweyr.com/ wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message