From owner-freebsd-security  Thu Apr 16 16:08:04 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA06639
          for freebsd-security-outgoing; Thu, 16 Apr 1998 16:08:04 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA06555;
          Thu, 16 Apr 1998 23:07:29 GMT
          (envelope-from dima@burka.rdy.com)
Received: by burka.rdy.com id QAA10457;
  (8.8.8/RDY) Thu, 16 Apr 1998 16:07:11 -0700 (PDT)
Message-Id: <199804162307.QAA10457@burka.rdy.com>
Subject: Re: kernel permissions
In-Reply-To: <E0yPx1m-0005qz-00@set.spradley.tmi.net> from Ted Spradley at "Apr 16, 98 05:21:06 pm"
To: tsprad@set.spradley.tmi.net (Ted Spradley)
Date: Thu, 16 Apr 1998 16:07:11 -0700 (PDT)
Cc: dima@best.net, tweten@frihet.com, louie@TransSys.COM, trost@cloud.rain.com,
        stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Ted Spradley writes:
> > Excuse me? What are they (users) going to do with kernel name list
> > besides attempting to hack your machine?
> 
> No, you've missed Mr. Tweten's point.  You don't get to ask.  *You* have 
> to prove that there's *nothing* else they could get from reading the 
> kernel.

How can I prove that there's nothing else they can get from reading my kernel,
if I'm trying to prove opposite?

> Furthermore, it's not obvious to me what they could get from reading it 
> that would allow them to "hack your machine".

For example, some time ago it would have been possible to read N
bytes from the terminal buffer under SunOS with ``netstat'' command
if you happen to have an access to the kernel namelist.

> > They can't really use it anyway.
> 
> It would be a nuisance to me if I had to su root to do the "strings 
> /kernel | grep '^___' " thing.

How often do you do that?

> If you have such an adversarial relationship with these 'users' then by 
> all means, change your file permissions on your system any way you like, 
> but don't impose your changes on the rest of us.
> 
> BTW, you can make your system more secure by disconnecting the network 
> cable, and even more secure by disconnecting the power cable.

Smart suggestion indeed.

> 

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message