Date: Wed, 16 Jun 1999 18:23:13 -0400 (EDT) From: Pete Fritchman <petef@netreach.net> To: Warner Losh <imp@harmony.village.org> Cc: Barrett Richardson <barrett@phoenix.aye.net>, Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG Subject: Re: some nice advice.... Message-ID: <Pine.LNX.3.96.990616182221.28882A-100000@static-petef.netreach.net> In-Reply-To: <199906161918.NAA01012@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
If you get compromised, why does it matter? The attacker compiles a new kernel, waits for you to reboot, boom. It's kind of hard/stupid to think about something in terms of "what if you get compromised" - he'll have root and be able to do whatever you are thinking about doing (equal privelages) just my two cents. -------------------- [ Pete Fritchman ] [ Systems Engineer ] [petef@netreach.net] -------------------- On Wed, 16 Jun 1999, Warner Losh wrote: > Date: Wed, 16 Jun 1999 13:18:03 -0600 > From: Warner Losh <imp@harmony.village.org> > To: Barrett Richardson <barrett@phoenix.aye.net> > Cc: Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG > Subject: Re: some nice advice.... > > In message <Pine.BSF.4.01.9906160538310.18250-100000@phoenix.aye.net> > Barrett Richardson writes: > : [bpf] can be some risk. If a machine with bpf enabled gets compromised > : the attacker can use it as a network sniffer. > > That's the biggest reason that I do not enable it on most of my > machines if I can at all help it. > > However, one could argue that if a machine gets compromized, then an > attacker could, on the next reboot, cause arbitrary code to run via > the rc mechanism.... This 'hold' is hard to plug, but is plugable if > you are running with an elevated secure level... > > Warner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.990616182221.28882A-100000>