From owner-freebsd-security  Wed Jun 16 15:39:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pop3-3.enteract.com (pop3-3.enteract.com [207.229.143.32])
	by hub.freebsd.org (Postfix) with SMTP id 6139714D7C
	for <security@FreeBSD.ORG>; Wed, 16 Jun 1999 15:39:34 -0700 (PDT)
	(envelope-from dscheidt@enteract.com)
Received: (qmail 49018 invoked from network); 16 Jun 1999 22:39:34 -0000
Received: from shell-2.enteract.com (dscheidt@207.229.143.41)
  by pop3-3.enteract.com with SMTP; 16 Jun 1999 22:39:34 -0000
Received: from localhost (dscheidt@localhost)
	by shell-2.enteract.com (8.9.3/8.9.2) with SMTP id RAA76236;
	Wed, 16 Jun 1999 17:39:32 -0500 (CDT)
	(envelope-from dscheidt@enteract.com)
X-Authentication-Warning: shell-2.enteract.com: dscheidt owned process doing -bs
Date: Wed, 16 Jun 1999 17:39:32 -0500 (CDT)
From: David Scheidt <dscheidt@enteract.com>
To: Pete Fritchman <petef@netreach.net>
Cc: Warner Losh <imp@harmony.village.org>,
	Barrett Richardson <barrett@phoenix.aye.net>,
	Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG
Subject: Re: some nice advice.... 
In-Reply-To: <Pine.LNX.3.96.990616182221.28882A-100000@static-petef.netreach.net>
Message-ID: <Pine.NEB.3.96.990616172450.76036A-100000@shell-2.enteract.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 16 Jun 1999, Pete Fritchman wrote:

> If you get compromised, why does it matter? 
> The attacker compiles a new kernel, waits for you to reboot, boom.

Because my production machine never got rebooted, except for hardware
or for new kernels.  Anything else would be investigated.  If you
got root on the box, you likely wouldn't have it past a reboot, so
not habing a sniffable interface would be an advantage.  I don't
think it is that big a deal though.

David Scheidt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message