From owner-freebsd-arch Sun Jul 9 17:37:14 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47])
	by hub.freebsd.org (Postfix) with ESMTP id B18D237C126
	for ; Sun, 9 Jul 2000 17:37:10 -0700 (PDT)
	(envelope-from jeroen@vangelderen.org)
Received: from vangelderen.org (grolsch.ai [209.88.68.214])
	by cypherpunks.ai (Postfix) with ESMTP id A3F004D;
	Sun, 9 Jul 2000 20:37:08 -0400 (AST)
Message-ID: <39691AB4.BBC85D45@vangelderen.org>
Date: Sun, 09 Jul 2000 20:37:08 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Alfred Perlstein
Cc: Adam , arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
References: <17526.963166640@critter.freebsd.dk> <20000709120705.Q25571@fw.wintelcom.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Alfred Perlstein wrote:
>
> * Adam [000709 11:57] wrote:
> > On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> >
> > >In message , Adam
> > >writes:
> > >>On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> > >>
> > >>>
> > >>>>If this change goes in, what do you do if you wish not to have snooping
> > >>>>capable through the snp device and do not wish to lock unnecessary parts
> > >>>>of the system down with securelevel?
> > >>>
> > >>>You do the same as before: Hold on tight to your root password.
> > >>
> > >>I don't like kernel changes that make the kernel do less babysitting and me
> > >>more. Tough, I guess.
> > >
> > >You have always needed to babysit your root password.
> >
> > Ok, I give in to the argument. I would just like to make a wish. On Jan
> > 24 1999 peter took the NO_LKM option out of LINT. I assume the support
> > for it in other files was removed around that time also. Could someone
> > implement a NO_KLD option so you don't need to use securelevel > 0 so
> > people have an obvious option and don't have to know the kernel well enough
> > to hack syscalls.master?
>
> More security through obscurity when /dev/mem and /dev/kmem are
> accessible.

Nope, this is a valid request nonetheless. It doesn't give perfect
security but neither does SSH. There are a whole lot more people
who can write a kld than there are people that can patch a running
kernel through /dev/mem.

Implementing a NO_KLD option would be harmless and have good uses
on boxes where the secure level *cannot* be upped. It doesn't affect
security negatively if one doesn't use it.

It's not up to you to dictate what Adam should do. Neither is it my
job to tell you that you must verify all SSH host-key fingerprints
before you accept them!

> Bite the bullet and up your securelevel!

Not a good idea on all systems. Convenience sometimes outweighs
security. FreeBSD is about tools, not about policy.

Cheers,
Jeroen
-- 
Jeroen C. van Gelderen
jeroen@vangelderen.org