From owner-freebsd-hackers  Mon Jul 12 13:26: 3 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
	by hub.freebsd.org (Postfix) with ESMTP id B387E14FEE
	for <hackers@FreeBSD.ORG>; Mon, 12 Jul 1999 13:26:01 -0700 (PDT)
	(envelope-from julian@whistle.com)
Received: from current1.whistle.com (current1.whistle.com [207.76.205.22])
	by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id NAA32699;
	Mon, 12 Jul 1999 13:25:27 -0700 (PDT)
Date: Mon, 12 Jul 1999 13:25:26 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: Doug Rabson <dfr@nlsystems.com>
Cc: Karl Pielorz <kpielorz@tdx.co.uk>,
	Mark Newton <newton@internode.com.au>, crypt0genic@ecad.org,
	hackers@FreeBSD.ORG
Subject: Re: (forw)
In-Reply-To: <Pine.BSF.4.10.9907122036060.58023-100000@salmon.nlsystems.com>
Message-ID: <Pine.BSF.3.95.990712132403.2595D-100000@current1.whistle.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Mon, 12 Jul 1999, Doug Rabson wrote:

> On Mon, 12 Jul 1999, Karl Pielorz wrote:
> 
> > 
> > 
> > Mark Newton wrote:
> > > 
> > > Karl Pielorz wrote:
> > > 
> > >  > Yes, a nice, effective - and simply way of replacing syscall's on FreeBSD...
> > >  > Some might say a little too 'simple'?
> > > 
> > > Garbage.  You can do this on any OS, whether it supports loadable
> > > modules or not, if you've managed to win sufficient privileges through
> > > some other means.
> > 
> > I was actually leaning towards that... My boss had kittens here (we have 12
> > FreeBSD boxes running the show now), until I'd explained it to him... If
> > syscall's need to be replaced, they need to be replaced - and if they are
> > replaceable ... (I'll stop there) :)
> > 
> > The article (from what I can remember) didn't actually go out of it's way to
> > say you have to have be root to load the modules in the first place :) - Maybe
> > it's warrants some kind of response page putting up somewhere? - this is also
> > getting off topic for -hackers :(...
> 
> It was mentioned when describing the conditions for allowing the file load
> (securelevel == 0 && uid == 0).

which suggests that most important servers should be run 
whith  securelevel > 0





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message