Date: Thu, 6 Sep 2012 11:44:00 -0700
From: David O'Brien
To: Dag-Erling Smørgrav
Cc: Arthur Mesh, freebsd-security@FreeBSD.org, Doug Barton, freebsd-rc@FreeBSD.org, Mark Murray
Subject: Re: svn commit: r239598 - head/etc/rc.d
Message-ID: <20120906184400.GF13179@dragon.NUXI.org>
In-Reply-To: <867gs7qcsl.fsf@ds4.des.no>
Reply-To: obrien@freebsd.org
List-Id: "Discussion related to /etc/rc.d design and implementation."

On Thu, Sep 06, 2012 at 07:30:34PM +0200, Dag-Erling Smørgrav wrote:
> However, it does not vary from one boot to another, or even from one
> machine to another if they run the same FreeBSD version with the same
> device.hints and loader.conf on the same hardware configuration.

... and same BIOS version.  I found on some Dell desktops and HP servers I
looked at that the 'hint.acpi.0' MIB could vary depending on BIOS version,
and 'smbios' MIB did vary between systems.

> (with the possible exception of a serial number if the SMBIOS provides
> one, but I have a room full of identical servers which all have serial
> number 123456)

I do not doubt what you say for SuperMicro or similar "white box" systems.
On $WORKS's ARM and MIPS devices there were also some differences, but
granted not as much as on x86.

better_than_nothing() is a best attempt.  For instance, have you looked
at how close the 'ps -fauxww' output is between systems?  I don't see
much variance.  I'm not saying 'kenv' is perfect, but it was something I
found in /[s]bin that varied between systems so it was a good replacement
for one of the 'ps' runs.

There are several attacker scenarios to think of.

1. Attacker has no login on the victim system, but is working from
   anything probeable over the network (including sniffed network traffic).
2. Attacker has a local non-root login on the victim system.
3. Attacker has no login on the victim system, but knows its exact hardware
   and software configuration and can study their copy of the victim system.
4. Attacker has a local [intruded] root login on the victim system.
   [Not to be dismissed as "well they have root -- game over", assume a
   key securely moved off box is being attacked.]

We cannot guard against all of them, but we should try to have output in
better_than_nothing() to help guard against all of these.

-- 
-- David  (obrien@FreeBSD.org)
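
The variance question raised in this message can be checked for any candidate command by comparing two captured outputs line by line. The script below is an added example, not code from this thread or from FreeBSD's rc.d scripts; the function names and the kenv-style sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: how many lines of a seed command's output differ between
# two captures? Every sample value below is constructed.
LC_ALL=C; export LC_ALL

# compare_captures FLAGS FILE_A FILE_B -> line count from comm(1) with FLAGS
compare_captures() {
    _d=$(mktemp -d) || return 1
    sort -u "$2" > "$_d/a"
    sort -u "$3" > "$_d/b"
    comm "$1" "$_d/a" "$_d/b" | wc -l | tr -d ' '
    rm -rf "$_d"
}

# Lines present in only one capture: not readable off a copy of the system.
differing_lines() { compare_captures -3 "$1" "$2"; }

# Lines identical in both captures: predictable from a copy of the system.
common_lines() { compare_captures -12 "$1" "$2"; }

# Constructed kenv-style captures: same hardware, different BIOS version,
# and the same placeholder SMBIOS serial on both hosts.
write_samples() {
    cat > "$1/hostA.kenv" <<'EOF'
hint.acpi.0.rsdp="0xf0490"
kernelname="/boot/kernel/kernel"
smbios.bios.version="A05"
smbios.system.serial="123456"
EOF
    cat > "$1/hostB.kenv" <<'EOF'
hint.acpi.0.rsdp="0xf04a0"
kernelname="/boot/kernel/kernel"
smbios.bios.version="A07"
smbios.system.serial="123456"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "differing: $(differing_lines "$demo_dir/hostA.kenv" "$demo_dir/hostB.kenv")"
echo "common:    $(common_lines "$demo_dir/hostA.kenv" "$demo_dir/hostB.kenv")"
rm -rf "$demo_dir"
```

For a real comparison, replace the sample files with output captured on two hosts (for example from 'kenv' or 'ps -fauxww'); a command whose captures share nearly every line adds little that an attacker in scenario 3 could not reproduce.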