Date:      Sat, 18 Sep 1999 19:15:44 -0600
From:      Wes Peters <wes@softweyr.com>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc:        Warner Losh <imp@village.org>, Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject:   Re: BPF on in 3.3-RC GENERIC kernel
Message-ID:  <37E43940.175437CB@softweyr.com>
References:  <199909180711.AAA50768@gndrsh.dnsmgr.net>

"Rodney W. Grimes" wrote:
> 
> > Warner Losh wrote:
> > >
> > > In message <37E32365.B9F9573B@softweyr.com> Wes Peters writes:
> > > : Worked for me.  A well-written, accurate analogy too.
> > >
> > > I'll have to try again later...  I'd be very interested in this.  I
> > > personally think that schg is useful against accidental mistakes, but
> > > flawed in implementation.
> >
> > Agreed.  It's a good tool, but isn't going to stop somebody who's both
> > clever and dedicated.  A similar facility in VMS didn't stop Kevin
> > Mitnick from stealing the VMS source code from my ex-boss.  ;^)
> 
> But SYS$AUDIT would have at least let him know it was stolen :-).  And
> perhaps alerted him before Kevin got out the door with the tape.

It did, and he got it over a dial-up line, after making an end-run around
one of the company's security tools that was poorly installed.  Duh.

> > > Although some of that may be due to imperfections in /etc/rc and
> > > friends.
> >
> > I think a lot of the system startup just happened, rather than being
> > designed from a security standpoint.  I'm attempting to land myself a
> > job where I would be paid to fix this, among other things.  I'll let
> > you all know if/when it happens.
> 
> 99% of most OS's ``just happen'' without concern for security.  And
> good luck on that new work load you're digging yourself in for!!

Yes, security usually happens as an afterthought.  Even VMS, which did 
have good security mechanisms, was delivered out of the box with several
stupidities, and most installations added several more.

At least we're smart enough to make the user pick a root password on 
installation.  ;^)

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
http://softweyr.com/                                           wes@softweyr.com

