Date: Fri, 17 Sep 1999 16:08:33 -0700 (PDT)
From: Kris Kennaway
To: Brett Glass
Cc: "Matthew D. Fuller", security@FreeBSD.ORG
Subject: Re: Securing a system that's been rooted remotely (Was: BPF on in 3.3-RC GENERIC kernel)

On Fri, 17 Sep 1999, Brett Glass wrote:

> At 01:43 PM 9/17/99 -0500, Matthew D. Fuller wrote:
>
> >I can't imagine anyone who would need and use a high securelevel like
> >that, and still run a GENERIC kernel. If they do, then their worldview
> >would seem to be slightly skewed. I run a custom (2.1.5-REL) kernel on
> >musca, which is a 386 SX/20. It took 6 hours to compile. On mortis
> >(4.0-CURRENT) a kernel takes approx. 2 minutes to compile. This is not a
> >major time investment.
>
> If securelevel isn't set high, a hacker can switch you BACK to the generic
> kernel with a few keystrokes.

You're missing Matthew's point:

Securelevel low, GENERIC kernel = vulnerable with or without bpf (intruder
replaces kernel or loads a sniffer module)

Securelevel high, GENERIC kernel = still vulnerable with or without bpf
unless you really lock the system down carefully

Securelevel high, GENERIC kernel, locked down with schg = silly, because
for all the work you've done to audit the startup path, you might as well
have just commented out the bpf driver and rebuilt your kernel too.

Kris
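An added example, not part of the original message: a shell audit of the three cases above, reading a listing in FreeBSD `ls -lo` format (file flags in the fifth column) and reporting boot-path files that lack `schg`. The file list (`/kernel`, `/etc/rc`, `/etc/rc.conf`, `/sbin/init`) and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: is a raised securelevel backed by schg on the boot path?
# Input is FreeBSD `ls -lo` output; the 5th column holds the file flags.

# Constructed sample. On a real host it would come from something like:
#   ls -lo /kernel /etc/rc /etc/rc.conf /sbin/init
SAMPLE_LISTING='-r-xr-xr-x  1 root  wheel  schg 2345678 Sep 17 15:00 /kernel
-rw-r--r--  1 root  wheel  -       9876 Sep 17 15:00 /etc/rc
-rw-r--r--  1 root  wheel  schg,uarch 1234 Sep 17 15:00 /etc/rc.conf
-r-x------  1 root  wheel  -     204800 Sep 17 15:00 /sbin/init'

# Print the path of every listed file whose flag set lacks schg.
missing_schg() {
    awk 'NF >= 10 {
        n = split($5, flags, ",")
        locked = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") locked = 1
        if (!locked) print $NF
    }'
}

# audit_posture SECURELEVEL < listing
# Prints one verdict line; returns 0 only when securelevel >= 1 and
# every listed file carries schg.
audit_posture() {
    level=$1
    unlocked=$(missing_schg | tr '\n' ' ')
    unlocked=${unlocked% }
    if [ "$level" -lt 1 ]; then
        # Below securelevel 1 root can simply clear schg again.
        echo "WEAK: securelevel $level does not enforce schg"
        return 1
    fi
    if [ -n "$unlocked" ]; then
        # Writable boot files can be altered and take effect after a reboot.
        echo "WEAK: securelevel $level but writable boot path: $unlocked"
        return 1
    fi
    echo "OK: securelevel $level and boot path is schg"
    return 0
}

printf '%s\n' "$SAMPLE_LISTING" | audit_posture 2 || true
```

On a live system the securelevel argument would be taken from `sysctl -n kern.securelevel`.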