Date: Sun, 9 Jul 2000 15:35:28 -0400 (EDT) From: Adam <bsdx@looksharp.net> To: Alfred Perlstein <bright@wintelcom.net> Cc: arch@FreeBSD.ORG Subject: Re: making the snoop device loadable. Message-ID: <Pine.BSF.4.21.0007091524430.407-100000@turtle.looksharp.net> In-Reply-To: <20000709120705.Q25571@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Jul 2000, Alfred Perlstein wrote: >* Adam <bsdx@looksharp.net> [000709 11:57] wrote: >> On Sun, 9 Jul 2000, Poul-Henning Kamp wrote: >> >> >In message <Pine.BSF.4.21.0007091411480.407-100000@turtle.looksharp.net>, Adam >> >writes: >> >>On Sun, 9 Jul 2000, Poul-Henning Kamp wrote: >> >> >> >>> >> >>>>If this change goes in, what do you do if you wish not to have snooping >> >>>>capable through the snp device and do not wish to lock unneccessary parts >> >>>>of the system down with securelevel? >> >>> >> >>>You do the same as before: Hold on tight to your root password. >> >> >> >>I dont like kernel changes that make the kernel do less babysitting and me >> >>more. Tough, I guess. >> > >> >You have always needed to babysit your root password. >> >> Ok, I give in to the argument. I would just like to make a wish. On Jan >> 24 1999 peter took the NO_LKM option out of LINT. I assume the support >> for it in other files was removed around that time also. Could someone >> implement a NO_KLD option so you dont need to use securelevel > 0 so >> people have an obvious option and dont have to know the kernel well enough >> to hack syscalls.master? > >More security through obscurity when /dev/mem and /dev/kmem are >accessable. > >Bite the bullet and up your securelevel! > >-Alfred Why did it exist from FreeBSD-WhoKnowsWhen until 1999? I'd like to use X via startx and not xdm too. I dont recall FreeBSD allowing X to start after securelevel is > 0 because it accesses /dev/mem. If it does now, I'll shut up. I tried searching the mail archives for discussions about why NO_LKM is bad but couldn't find anything. Could you help me find a discussion on it or tell me why disabling kernel modules is *not* security? Assuming I'd notice a reboot and would consequently whup some butt if someone did. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007091524430.407-100000>