From owner-freebsd-security@FreeBSD.ORG Sun Aug 10 23:47:24 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01DD737B401 for ; Sun, 10 Aug 2003 23:47:24 -0700 (PDT) Received: from hysteria.spc.org (hysteria.spc.org [195.206.69.234]) by mx1.FreeBSD.org (Postfix) with SMTP id D81A043F75 for ; Sun, 10 Aug 2003 23:47:22 -0700 (PDT) (envelope-from bms@hysteria.spc.org) Received: (qmail 7704 invoked by uid 5013); 11 Aug 2003 06:44:38 -0000 Date: Mon, 11 Aug 2003 07:44:38 +0100 From: Bruce M Simpson To: Jason Dambrosio Message-ID: <20030811064438.GG31845@spc.org> References: <200308110257.h7B2v6YJ061278@freefall.freebsd.org> <20030811063316.GA85000@tekgenesis.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030811063316.GA85000@tekgenesis.net> User-Agent: Mutt/1.4.1i Organization: SPC cc: FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2003 06:47:24 -0000 On Sun, Aug 10, 2003 at 08:33:16PM -1000, Jason Dambrosio wrote: > Wouldn't a possible workaround be, to load a kld module that would > replace the ptrace(2) system call with a patched one? I remember doing > such a trick for modifying other system calls using kld modules... That isn't really a solution; more of a band-aid. Besides, if someone compromises the system in some other way, they can just remove your module or unload it. Unless you're a big securelevels fan. BMS