Date: Thu, 6 Sep 2001 04:33:07 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Damieon Stark <visigoth@securitycentric.com>
Cc: current@FreeBSD.ORG
Subject: Re: new feature for /etc/security
Message-ID: <20010906043307.C2464@hades.hell.gr>
In-Reply-To: <20010903103522.A23496@morpheus.telemere.net>; from visigoth@securitycentric.com on Mon, Sep 03, 2001 at 10:35:22AM -0500
References: <20010903103522.A23496@morpheus.telemere.net>
On Mon, Sep 03, 2001 at 10:35:22AM -0500, Damieon Stark wrote:
> Greetings all,
>
> In my local source tree, I have a small modification to /etc/security
> which I thought would be good to get in the base tree.  The attached .diff
> allows /etc/security to keep a record of all non-device related files located
> in /dev.  Many blackhat utilities, and practices include using the /dev
> directory as a location to create sniffer logs, suid binaries, and other evil.
> By keeping a database similar to /var/log/setuid.today, administrators can be
> notified of any changes to /dev.  The diff is against -current, however the
> functionality is unchanged between -stable and -current.

Isn't this blackhat practice rendered useless with DEVFS?

Of course someone who's been hacked cannot rely on DEVFS being mounted
before anything accessed the 'hidden in /dev stuff'.

/me just wondering

-giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
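The check described in the quoted proposal (record every non-device entry under /dev and report changes between runs) can be sketched as follows. This is an added example, not the diff attached to the original mail, which is not reproduced on this page; the function names and the `dev.today`/`dev.yesterday` state files are hypothetical, modelled on the /var/log/setuid.today naming mentioned above.

```sh
#!/bin/sh
# Added illustration; not the /etc/security diff discussed in the thread.
# Function names and state-file names are hypothetical.

# List every entry under $1 that is not a character device, block device
# or directory (regular files, symlinks, fifos, sockets), sorted in the C
# locale so that two runs can be compared with comm(1).
list_nondevice() {
    find "$1" ! -type c ! -type b ! -type d -print 2>/dev/null | LC_ALL=C sort
}

# Compare the current listing of directory $1 with the baseline kept in
# state directory $2 (which must lie outside $1).
# Prints "+ path" for new entries and "- path" for vanished ones, then
# rotates the baseline. Returns 0 if unchanged, 1 if changed, 2 on error.
check_dev_changes() {
    dir=$1 state=$2
    today="$state/dev.today"
    yesterday="$state/dev.yesterday"
    new=$(mktemp "$state/dev.XXXXXX") || return 2
    list_nondevice "$dir" > "$new"

    if [ ! -f "$today" ]; then
        mv "$new" "$today"      # first run: record the baseline only
        return 0
    fi

    changes=$(
        LC_ALL=C comm -13 "$today" "$new" | sed 's/^/+ /'
        LC_ALL=C comm -23 "$today" "$new" | sed 's/^/- /'
    )
    if [ -z "$changes" ]; then
        rm -f "$new"
        return 0
    fi

    printf '%s\n' "$changes"
    mv "$today" "$yesterday"    # keep the previous listing for review
    mv "$new" "$today"
    return 1
}

# Typical periodic use (state directory is an assumption):
#   check_dev_changes /dev /var/log || echo "non-device entries in /dev changed"
```

Symlinks and sockets that legitimately live in /dev end up in the baseline on the first run, so only later additions or removals are reported.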