From owner-freebsd-security  Fri Oct  5  2:55:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shikima.mine.nu (pc1-card3-0-cust143.cdf.cable.ntl.com [62.252.49.143])
	by hub.freebsd.org (Postfix) with ESMTP id 5CC3237B406
	for <security@freebsd.org>; Fri,  5 Oct 2001 02:55:38 -0700 (PDT)
Received: from rasputin by shikima.mine.nu with local (Exim 3.33 #1)
	id 15pRi4-0005er-00
	for security@freebsd.org; Fri, 05 Oct 2001 10:56:00 +0100
Date: Fri, 5 Oct 2001 10:56:00 +0100
From: Rasputin <rasputin@submonkey.net>
To: security@freebsd.org
Subject: Re: Kernel-loadable Root Kits
Message-ID: <20011005105559.A21670@shikima.mine.nu>
Reply-To: Rasputin <rasputin@submonkey.net>
References: <20011004023034.U8391@blossom.cjclark.org> <20011004173535.0A2DE3B19D@gemini.nersc.gov> <200110050910.LAA22480@malraux.matranet.com> <200110050940.LAA25147@malraux.matranet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200110050940.LAA25147@malraux.matranet.com>; from fabre@matranet.com on Fri, Oct 05, 2001 at 11:44:40AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Laurent Fabre <fabre@matranet.com> [011005 10:50]:
> Rasputin wrote:
> > * Eli Dart <dart@nersc.gov> [011004 19:30]:

> >>>Have fun. Unless there is outpouring from people who love the idea,
> >>>I'm not going to commit these to FreeBSD.
> >>>
> >>Please consider this as part of an outpouring of support from people 
> >>who love the idea.
> >>
> > 
> > "me too".
> > 
> > Isn't this fairly common among the other BSDs as well?
> > 
> > An alternative to securelevel is sometimes useful,
> > and KLDs are a fairly well-known attack method against *BSD.
> > 
> > I don't see any harm in adding it as an option - it's doesn't have to
> > (definitely shouldn't be) the default, of course.

> >>I don't always have the option of running a box 
> >>in securelevel 1, and I would like to have this knob available, even 
> >>though it doesn't fix the problem all the way.  Something similar 
> >>used to exist in FreeBSD 3.x -- I was sorry when it went away.

> please do commit it :)

Eh? If I was a committer, I would - think I've missed your point?

-- 
"No one gets too old to learn a new way of being stupid."
Rasputin :: Jack of All Trades - Master of Nuns ::

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message