From owner-freebsd-security Mon Feb 5 22:50:23 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA03471 for security-outgoing; Mon, 5 Feb 1996 22:50:23 -0800 (PST)
Received: from westhill.cdrom.com (westhill.cdrom.com [192.216.223.174]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id WAA03465 for ; Mon, 5 Feb 1996 22:50:21 -0800 (PST)
Received: from localhost.cdrom.com (localhost.cdrom.com [127.0.0.1]) by westhill.cdrom.com (8.6.12/8.6.12) with SMTP id WAA03142 ; Mon, 5 Feb 1996 22:49:53 -0800
X-Authentication-Warning: westhill.cdrom.com: Host localhost.cdrom.com didn't use HELO protocol
To: wkt@csadfa.cs.adfa.oz.au (Warren Toomey)
cc: freebsd-security@freebsd.org
From: Gary Palmer
Subject: Re: Some Kernel Security Patches
In-reply-to: Your message of "Tue, 06 Feb 1996 09:43:22 +1100." <9602052243.AA29826@dolphin>
Date: Mon, 05 Feb 1996 22:49:53 -0800
Message-ID: <3140.823589393@westhill.cdrom.com>
Sender: owner-security@freebsd.org
Precedence: bulk

Warren Toomey wrote in message ID <9602052243.AA29826@dolphin>:
> I have some kernel patches for FreeBSD 2.1 to help improve
> network security. If you're interested, I'm presenting a paper about the
> stuff next week at a conference here in Australia. You can get the paper
> at http://minnie.cs.adfa.oz.au/Seminars/AUUG96/netpaper.html, and it has a
> hyperlink to the kernel patches (and a few other things).

Hi

I tried out your patches in one of our machines and ran into an
interesting problem. The kernel starts out the boot process with nothing
bound, and (if it's a busy server) can get hit A LOT before any
services (such as named) can be loaded.

Anyone know any way around this? I was thinking of trying to create a
sysctl variable which would enable the logging, and you could stick
that in /etc/rc.local (which is after all the servers are started),
but I don't want to hack sysconfig much :-(

Any other ideas?

Gary