Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Jun 1999 18:23:13 -0400 (EDT)
From:      Pete Fritchman <petef@netreach.net>
To:        Warner Losh <imp@harmony.village.org>
Cc:        Barrett Richardson <barrett@phoenix.aye.net>, Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG
Subject:   Re: some nice advice.... 
Message-ID:  <Pine.LNX.3.96.990616182221.28882A-100000@static-petef.netreach.net>
In-Reply-To: <199906161918.NAA01012@harmony.village.org>

next in thread | previous in thread | raw e-mail | index | archive | help
If you get compromised, why does it matter?
The attacker compiles a new kernel, waits for you to reboot, boom.

It's kind of hard/stupid to think about something in terms of "what if you
get compromised" - he'll have root and be able to do whatever you are
thinking about doing (equal privelages)

just my two cents.

--------------------
[  Pete Fritchman  ]
[ Systems Engineer ]
[petef@netreach.net]
--------------------

On Wed, 16 Jun 1999, Warner Losh wrote:

> Date: Wed, 16 Jun 1999 13:18:03 -0600
> From: Warner Losh <imp@harmony.village.org>
> To: Barrett Richardson <barrett@phoenix.aye.net>
> Cc: Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG
> Subject: Re: some nice advice.... 
> 
> In message <Pine.BSF.4.01.9906160538310.18250-100000@phoenix.aye.net>
> Barrett Richardson writes: 
> : [bpf] can be some risk. If a machine with bpf enabled gets compromised
> : the attacker can use it as a network sniffer.
> 
> That's the biggest reason that I do not enable it on most of my
> machines if I can at all help it.
> 
> However, one could argue that if a machine gets compromized, then an
> attacker could, on the next reboot, cause arbitrary code to run via
> the rc mechanism....  This 'hold' is hard to plug, but is plugable if
> you are running with an elevated secure level...
> 
> Warner
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.990616182221.28882A-100000>