Date: Thu, 16 Apr 1998 16:07:11 -0700 (PDT) From: dima@best.net (Dima Ruban) To: tsprad@set.spradley.tmi.net (Ted Spradley) Cc: dima@best.net, tweten@frihet.com, louie@TransSys.COM, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <199804162307.QAA10457@burka.rdy.com> In-Reply-To: <E0yPx1m-0005qz-00@set.spradley.tmi.net> from Ted Spradley at "Apr 16, 98 05:21:06 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Ted Spradley writes: > > Excuse me? What are they (users) going to do with kernel name list > > besides attempting to hack your machine? > > No, you've missed Mr. Tweten's point. You don't get to ask. *You* have > to prove that there's *nothing* else they could get from reading the > kernel. How can I prove that there's nothing else they can get from reading my kernel, if I'm trying to prove opposite? > Furthermore, it's not obvious to me what they could get from reading it > that would allow them to "hack your machine". For example, some time ago it would have been possible to read N bytes from the terminal buffer under SunOS with ``netstat'' command if you happen to have an access to the kernel namelist. > > They can't really use it anyway. > > It would be a nuisance to me if I had to su root to do the "strings > /kernel | grep '^___' " thing. How often do you do that? > If you have such an adversarial relationship with these 'users' then by > all means, change your file permissions on your system any way you like, > but don't impose your changes on the rest of us. > > BTW, you can make your system more secure by disconnecting the network > cable, and even more secure by disconnecting the power cable. Smart suggestion indeed. > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804162307.QAA10457>