From owner-freebsd-security  Wed Jun 16 20: 8:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from phoenix (phoenix.aye.net [206.185.8.134])
	by hub.freebsd.org (Postfix) with SMTP id C431C14EE0
	for <security@FreeBSD.ORG>; Wed, 16 Jun 1999 20:08:36 -0700 (PDT)
	(envelope-from barrett@phoenix.aye.net)
Received: (qmail 13814 invoked by uid 1000); 17 Jun 1999 03:07:57 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 17 Jun 1999 03:07:57 -0000
Date: Wed, 16 Jun 1999 23:07:57 -0400 (EDT)
From: Barrett Richardson <barrett@phoenix.aye.net>
To: Pete Fritchman <petef@netreach.net>
Cc: Warner Losh <imp@harmony.village.org>,
	Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG
Subject: Re: some nice advice.... 
In-Reply-To: <Pine.LNX.3.96.990616182221.28882A-100000@static-petef.netreach.net>
Message-ID: <Pine.BSF.4.01.9906162256390.371-100000@phoenix.aye.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Wed, 16 Jun 1999, Pete Fritchman wrote:

> If you get compromised, why does it matter?
> The attacker compiles a new kernel, waits for you to reboot, boom.
>
  If he waited for me to reboot, he would be waiting for me to do
  an upgrade. A machine reboot around here (other than the squid
  boxes) gets EVERYBODY out of bed.
 
> It's kind of hard/stupid to think about something in terms of "what if you
> get compromised" - he'll have root and be able to do whatever you are
> thinking about doing (equal privelages)

  On one machine, yes. If he had tcpdump one breach could turn into
  many. I agree its hard, and it may be stupid -- I don't care -- system
  breaches are embarrassing and costly.

> 
> just my two cents.
> 
> --------------------
> [  Pete Fritchman  ]
> [ Systems Engineer ]
> [petef@netreach.net]
> --------------------
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message