From owner-freebsd-security Sat Sep 18 0:12: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 8A97814DDD for ; Sat, 18 Sep 1999 00:11:51 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id AAA50768; Sat, 18 Sep 1999 00:11:35 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909180711.AAA50768@gndrsh.dnsmgr.net> Subject: Re: BPF on in 3.3-RC GENERIC kernel In-Reply-To: <37E33885.B2B42D8C@softweyr.com> from Wes Peters at "Sep 18, 1999 01:00:21 am" To: wes@softweyr.com (Wes Peters) Date: Sat, 18 Sep 1999 00:11:35 -0700 (PDT) Cc: imp@village.org (Warner Losh), brett@lariat.org (Brett Glass), security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Warner Losh wrote: > > > > In message <37E32365.B9F9573B@softweyr.com> Wes Peters writes: > > : Worked for me. A well-written, accurate analogy too. > > > > I'll have to try again later... I'd be very interested in this. I > > personally think that schg is useful against accidental mistakes, but > > flawed in implementation. > > Agreed. It's a good tool, but isn't going to stop somebody who's both > clever and dedicated. A similar facility in VMS didn't stop Kevin > Mittnick from stealing the VMS source code from my ex-boss. ;^) But SYS$AUDIT would have at least let him know it was stolen :-). And perhaps alerted him before Kevin got out the door with the tape. > > > Although some of that may be due to inperfections in /etc/rc and > > friends. > > I think a lot of the system startup just happened, rather than being > designed from a security standpoint. I'm attempting to land myself a > job where I would be paid to fix this, among other things. I'll let > you all know if/when it happens. 99% of most OS's ``just happen'' without concern for secuirity. And good luck on that new work load your digging yourself in for!! -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message