Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Sep 1999 20:13:08 +0200
From:      Brad Knowles <blk@skynet.be>
To:        Mike Smith <mike@smith.net.au>
Cc:        freebsd-questions@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: softupdates in latest build?
Message-ID:  <v04205531b3f9b409c3d7@[195.238.1.121]>
In-Reply-To: <199909061741.KAA19927@dingo.cdrom.com>
References:  <199909061741.KAA19927@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 10:41 AM -0700 1999/9/6, Mike Smith wrote:

>                   By the time an attacker has enough access rights on
> your system to make use of the packet filter, they have enough access
> rights to add it if it's not there.

	That's certainly true.  However, if this feature is disabled by 
default, this throws just one more roadblock in front of some script 
kiddie that might want to break into your system.

	It won't stop a determined cracker (nothing will), and it won't 
stop someone with half an ounce of intelligence (they can just 
rebuild the kernel), but if you at least turn this off by default 
then they're forced to rebuild the kernel in order to enable this 
feature, and that would require a reboot.  That might just make the 
system that much more noticable if someone tries to crack into it and 
install a password sniffer, and that much less easy to compromise 
security at that site.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04205531b3f9b409c3d7>