Date:      Fri, 17 Sep 1999 16:08:33 -0700 (PDT)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        Brett Glass <brett@lariat.org>
Cc:        "Matthew D. Fuller" <fullermd@futuresouth.com>, security@FreeBSD.ORG
Subject:   Re: Securing a system that's been rooted remotely (Was: BPF on  in 3.3-RC GENERIC kernel)
Message-ID:  <Pine.BSF.4.10.9909171603270.26241-100000@hub.freebsd.org>
In-Reply-To: <4.2.0.58.19990917155850.047bd680@localhost>

On Fri, 17 Sep 1999, Brett Glass wrote:

> At 01:43 PM 9/17/99 -0500, Matthew D. Fuller wrote:
> 
> >I can't imagine anyone who would need and use a high securelevel like
> >that, and still run a GENERIC kernel.  If they do, then their worldview
> >would seem to be slightly skewed.  I run a custom (2.1.5-REL) kernel on
> >musca, which is a 386 SX/20.  It took 6 hours to compile.  On mortis
> >(4.0-CURRENT) a kernel takes approx. 2 minutes to compile.  This is not a
> >major time investment.
> 
> If securelevel isn't set high, a hacker can switch you BACK to the generic
> kernel with a few keystrokes.

You're missing Matthew's point:

Securelevel low, GENERIC kernel = vulnerable with or without bpf (intruder
replaces kernel or loads a sniffer module)

Securelevel high, GENERIC kernel = still vulnerable with or without bpf
unless you really lock the system down carefully

Securelevel high, GENERIC kernel, locked down with schg = silly, because
for all the work you've done to audit the startup path, you might as well
have just commented out the bpf driver and rebuilt your kernel too.

Kris
