Date:      Sun, 9 Jul 2000 13:45:42 -0400 (EDT)
From:      Adam <bsdx@looksharp.net>
To:        "Daniel C. Sobral" <dcs@newsguy.com>
Cc:        Alfred Perlstein <bright@wintelcom.net>, arch@FreeBSD.ORG
Subject:   Re: making the snoop device loadable.
Message-ID:  <Pine.BSF.4.21.0007091330090.407-100000@turtle.looksharp.net>
In-Reply-To: <3968839A.2A70D91F@newsguy.com>

On Sun, 9 Jul 2000, Daniel C. Sobral wrote:

>Adam wrote:
>> 
>> There are a lot of people who have root that couldn't craft such a kernel
>> module if they wanted to, and even if they could, I'd venture to say
>> they'd need a whole bunch of motivation and a considerable amount of
>> time.  I cannot tell from the init manpage which securelevel is needed to
>> prevent loading kernel modules but I'm pretty sure it would make things a
>> pain in the butt for admins trying to do Real Work remotely such as
>> upgrading the kernel.  I think it would be nice to prevent easy snooping
>> without making life hard for the admin.  The kernel has all the power over
>> the computer, I don't think this is an issue that should require
>> engineering to prevent, I would like my kernel to just say NO.  If I have
>> to hack it so the snoop module wouldn't work if loaded or something, that's
>> a pain for me since I couldn't code hello world from a blank editor if I
>> wanted to.  If I had to tell someone else they had to hack the kernel to
>> prevent this or have the kernel get a lot more anal in general about
>> permissions, I don't think it would go over well, especially to someone
>> less experienced than me.
>
>This argument is completely flawed. Hackers use tools, which are
>available elsewhere. One of the best guides to kld programming is a
>guide to hacking FreeBSD. It's pretty simple: if there isn't an easier
>way of doing it, hackers will have a snooping kld available. All this
>stuff is done automatically, and the hacker needs know the first thing
>about Unix (if you want proof, go check the recent series on hacking
>that ran on both Slashdot and Daily DaemonNews).
>
>You gain nothing by not having such a module coming by default. Nothing.
>
>And I should remind you... if a hacker is able to load a module, he has
>gained root already. I guarantee you that any hacker who has gained root
>already, unless your security is laughable, has access to the resources
>that provide such nifty modules/{ls,netstat,inet,etc}
>replacements/rooting tools.
>
>I'll say it again: DO NOT DEPEND ON SNOOP NOT BEING A LOADABLE MODULE.
>It is *POSSIBLE*, so you can pretty much rest assured that the hackers
>either have that, or something easier.
>
>-- 
>Daniel C. Sobral			(8-DCS)

I think you missed my point.  I'm not talking about hackers at all; if a
hacker can load a module the game is already over.  I'm talking about
legit people with root who might do things behind the back of the person
who compiled the kernel without snp in the first place.

If this change goes in, what do you do if you wish not to have snooping
capable through the snp device and do not wish to lock unnecessary parts
of the system down with securelevel?
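The two facts the thread turns on are whether snp is currently loaded and whether the running securelevel still permits kldload at all (init(8): at securelevel 1 or higher, kernel modules may not be loaded or unloaded). The check below is an added example, not code from anyone in this thread; the kldstat(8) output it parses is constructed inline so it runs anywhere, and on a FreeBSD host you would feed it `sysctl -n kern.securelevel` and `kldstat` instead.

```shell
#!/bin/sh
# Added example: report whether the snp module is resident and whether the
# current securelevel blocks further module loads/unloads.

# Constructed kldstat(8) output for a host that has snp.ko loaded.
KLDSTAT_SAMPLE='Id Refs Address    Size     Name
 1    4 0xc0100000 1c2d0c   kernel
 2    1 0xc0d2e000 4000     snp.ko
 3    1 0xc0d32000 8000     linux.ko'

# Constructed kldstat(8) output for a host with only the static kernel.
KLDSTAT_CLEAN='Id Refs Address    Size     Name
 1    1 0xc0100000 1c2d0c   kernel'

# snp_loaded KLDSTAT_OUTPUT: succeeds if any non-header row names snp.ko.
snp_loaded() {
    printf '%s\n' "$1" |
        awk 'NR > 1 && $NF == "snp.ko" { found = 1 } END { exit !found }'
}

# kld_blocked SECURELEVEL: succeeds when securelevel >= 1, the level at which
# init(8) documents that kernel modules may not be loaded or unloaded.
kld_blocked() {
    [ "$1" -ge 1 ]
}

# assess SECURELEVEL KLDSTAT_OUTPUT: prints "snp=<loaded|absent> kld=<locked|open>".
assess() {
    level=$1
    out=$2
    if snp_loaded "$out"; then snp=loaded; else snp=absent; fi
    if kld_blocked "$level"; then kld=locked; else kld=open; fi
    echo "snp=$snp kld=$kld"
}

# Stand-alone run on the constructed inputs.
# On FreeBSD: assess "$(sysctl -n kern.securelevel)" "$(kldstat)"
assess 0 "$KLDSTAT_SAMPLE"
assess 1 "$KLDSTAT_CLEAN"
```

"snp=absent kld=open" is the state Adam is worried about: nothing loaded yet, but any root user can still kldload it; "kld=locked" is the securelevel trade-off he would rather not pay.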
