From: Mike Smith
To: freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
Date: Wed, 27 May 1998 10:45:10 -0700
Message-Id: <199805271745.KAA00931@dingo.cdrom.com>
In-reply-to: Your message of "Wed, 27 May 1998 12:04:51 EDT." <199805271604.MAA22991@brain.zeus.leitch.com>

>
> Here we have possibly a dozen people who might build their own kernel,
> and some of those same people are also authorized to do maintenance work
> (such as building new kernels) on production machines. If any of those
> kernels that contain LKM support get from a desktop machine to a
> production machine, then I'd like to have some way to detect this. In
> other environments where the number of such authorized people may be at
> least an order of magnitude larger, then such simple verification
> measures can be of real value. The advantages of being able to give
> people responsibilities and the freedom to carry out those
> responsibilities, while at the same time not having to manually look over
> their shoulders 100% of the time, are great.
>
> On the other hand I don't hold a whole lot of hope that I can easily
> implement a tool that will be able to detect code signatures or
> patterns, even for a given processor family such as those FreeBSD runs
> on.

Depending on the circumstances, 'options INCLUDE_CONFIG_FILE' may be
enough of a requirement for you to be happy.

--
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com