From owner-freebsd-arch Sun Jul 9 7: 1:13 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87]) by hub.freebsd.org (Postfix) with ESMTP id 4CC1937B839 for ; Sun, 9 Jul 2000 07:01:06 -0700 (PDT) (envelope-from dcs@newsguy.com)
Received: from newsguy.com (p06-dn03kiryunisiki.gunma.ocn.ne.jp [210.232.224.135]) by peach.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id XAA23750; Sun, 9 Jul 2000 23:00:33 +0900 (JST)
Message-ID: <3968839A.2A70D91F@newsguy.com>
Date: Sun, 09 Jul 2000 22:52:26 +0900
From: "Daniel C. Sobral"
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en,pt-BR,ja
MIME-Version: 1.0
To: Adam
Cc: Alfred Perlstein , arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Adam wrote:
>
> There are a lot of people who have root that couldn't craft such a kernel
> module if they wanted to, and even if they could, I'd venture to say
> they'd need a whole bunch of motivation and a considerable amount of
> time. I cannot tell from the init manpage which securelevel is needed to
> prevent loading kernel modules, but I'm pretty sure it would make things a
> pain in the butt for admins trying to do Real Work remotely, such as
> upgrading the kernel. I think it would be nice to prevent easy snooping
> without making life hard for the admin. The kernel has all the power over
> the computer; I don't think this is an issue that should require
> engineering to prevent. I would like my kernel to just say NO. If I have
> to hack it so the snoop module wouldn't work if loaded or something, that's
> a pain for me, since I couldn't code hello world from a blank editor if I
> wanted to. If I had to tell someone else they had to hack the kernel to
> prevent this, or have the kernel get a lot more anal in general about
> permissions, I don't think it would go over well, especially to someone
> less experienced than me.

This argument is completely flawed. Hackers use tools, which are available
elsewhere. One of the best guides to kld programming is a guide to hacking
FreeBSD. It's pretty simple: if there isn't an easier way of doing it,
hackers will have a snooping kld available. All this stuff is done
automatically, and the hacker needn't know the first thing about Unix (if
you want proof, go check the recent series on hacking that ran on both
Slashdot and Daily DaemonNews).

You gain nothing by not having such a module coming by default. Nothing.

And I should remind you... if a hacker is able to load a module, he has
gained root already. I guarantee you that any hacker who has gained root
already, unless your security is laughable, has access to the resources
that provide such nifty modules/{ls,netstat,inet,etc} replacements/rooting
tools.

I'll say it again: DO NOT DEPEND ON SNOOP NOT BEING A LOADABLE MODULE. It
is *POSSIBLE*, so you can pretty much rest assured that the hackers either
have that, or something easier.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@the.great.underground.bsdconpiracy.org

_DES: The Book of Bruce has only one sentence in it, and it says "the actual
directives of my cult are left as an exercise for the reader. Good luck."
jkh: does it really include the 'good luck' part?
EE: OK, I made that part up.
EE: I figured it should sound a bit more cheery than how Bruce initially
dictated it to me.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
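The thread turns on two facts a FreeBSD admin can check rather than argue about: at kern.securelevel >= 1 the kernel refuses kldload and kldunload (and root can raise the securelevel but cannot lower it again without going through init, which is the "pain for remote admins" Adam mentions), and below that any root process can load whatever kld it likes, the snoop device included. The script below is an added example, not code from the thread or from the FreeBSD project: it reports which regime the host is in and diffs the loaded module list against a baseline allowlist. The sysctl/kldstat output and the baseline are constructed for the example, and the module name snp.ko is assumed (it is the name the snoop device module carries in later releases). Daniel's caveat applies to the second check: an intruder who replaces ls and netstat can just as easily hide a module from kldstat, so a baseline diff only catches the lazy ones, and the securelevel setting is the control that actually matters.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a FreeBSD host's
# exposure to snoop-style klds. kldload/kldunload are refused once
# kern.securelevel is 1 or higher; below that root may load any module.

# Constructed sample of `sysctl -n kern.securelevel` and `kldstat` output,
# used so the functions can be exercised on a box without kldstat.
SAMPLE_SECURELEVEL="-1"
SAMPLE_KLDSTAT='Id Refs Address    Size     Name
 1    4 0xc0100000 1c4b90   kernel
 2    1 0xc0f2d000 2000     snp.ko
 3    1 0xc0f30000 5000     linux.ko'

# Hypothetical allowlist of modules this host is expected to have loaded.
BASELINE="kernel linux.ko"

# kld_loading_blocked LEVEL: succeeds when kldload would be refused at that
# securelevel (any level >= 1). The level can be raised by root at any time
# but only lowered by init, i.e. by dropping to single-user or rebooting.
kld_loading_blocked() {
    [ "$1" -ge 1 ]
}

# unexpected_modules KLDSTAT_OUTPUT BASELINE: print, one per line, every
# module name in the kldstat listing that is not in the baseline allowlist.
# The header line of kldstat is skipped; the name is the last field.
unexpected_modules() {
    printf '%s\n' "$1" | awk -v base="$2" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        NR > 1 && !($NF in ok) { print $NF }'
}

# audit LEVEL KLDSTAT_OUTPUT: report both findings; returns 1 if any module
# outside the baseline is loaded, 0 otherwise.
audit() {
    level=$1
    klds=$2
    if kld_loading_blocked "$level"; then
        echo "securelevel=$level: kldload refused, loaded module set is frozen until reboot"
    else
        echo "securelevel=$level: root can kldload anything, a snoop module included"
    fi
    extra=$(unexpected_modules "$klds" "$BASELINE")
    if [ -n "$extra" ]; then
        echo "modules loaded that are not in the baseline:"
        echo "$extra"
        return 1
    fi
    echo "loaded modules match baseline"
    return 0
}

# Run against the live host when kldstat exists, else against the sample.
if command -v kldstat >/dev/null 2>&1; then
    audit "$(sysctl -n kern.securelevel)" "$(kldstat)"
else
    audit "$SAMPLE_SECURELEVEL" "$SAMPLE_KLDSTAT"
fi
AUDIT_STATUS=$?
```

Run it from a trusted shell (a clean boot, or a binary you brought with you) rather than the possibly replaced one on the host; on the constructed sample it reports securelevel -1 and flags snp.ko as the one module outside the baseline.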