From owner-freebsd-security Thu Apr 16 16:08:04 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id QAA06639
    for freebsd-security-outgoing; Thu, 16 Apr 1998 16:08:04 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA06555;
    Thu, 16 Apr 1998 23:07:29 GMT
    (envelope-from dima@burka.rdy.com)
Received: by burka.rdy.com id QAA10457; (8.8.8/RDY)
    Thu, 16 Apr 1998 16:07:11 -0700 (PDT)
Message-Id: <199804162307.QAA10457@burka.rdy.com>
Subject: Re: kernel permissions
In-Reply-To: from Ted Spradley at "Apr 16, 98 05:21:06 pm"
To: tsprad@set.spradley.tmi.net (Ted Spradley)
Date: Thu, 16 Apr 1998 16:07:11 -0700 (PDT)
Cc: dima@best.net, tweten@frihet.com, louie@TransSys.COM, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Ted Spradley writes:
> > Excuse me? What are they (users) going to do with kernel name list
> > besides attempting to hack your machine?
>
> No, you've missed Mr. Tweten's point. You don't get to ask. *You* have
> to prove that there's *nothing* else they could get from reading the
> kernel.

How can I prove that there's nothing else they can get from reading my
kernel, if I'm trying to prove the opposite?

> Furthermore, it's not obvious to me what they could get from reading it
> that would allow them to "hack your machine".

For example, some time ago it would have been possible to read N bytes from
the terminal buffer under SunOS with the ``netstat'' command if you happened
to have access to the kernel namelist.

> > They can't really use it anyway.
>
> It would be a nuisance to me if I had to su root to do the "strings
> /kernel | grep '^___' " thing.

How often do you do that?

> If you have such an adversarial relationship with these 'users' then by
> all means, change your file permissions on your system any way you like,
> but don't impose your changes on the rest of us.
>
> BTW, you can make your system more secure by disconnecting the network
> cable, and even more secure by disconnecting the power cable.

Smart suggestion indeed.

>
-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message