From owner-freebsd-security Wed Jun 16 15:53:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id F34BA14DC9 for ; Wed, 16 Jun 1999 15:53:43 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA52264 for ; Wed, 16 Jun 1999 16:53:42 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA02435; Wed, 16 Jun 1999 16:24:46 -0600 (MDT) Message-Id: <199906162224.QAA02435@harmony.village.org> To: Pete Fritchman Subject: Re: some nice advice.... Cc: Barrett Richardson , Unknow User , security@FreeBSD.ORG In-reply-to: Your message of "Wed, 16 Jun 1999 18:23:13 EDT." References: Date: Wed, 16 Jun 1999 16:24:45 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Pete Fritchman writes: : If you get compromised, why does it matter? : The attacker compiles a new kernel, waits for you to reboot, boom. Nope. My kernel is set schg and i run at a high secure level so you can't replace my kernel. : It's kind of hard/stupid to think about something in terms of "what if you : get compromised" - he'll have root and be able to do whatever you are : thinking about doing (equal privelages) No it isn't. You can minimize the damage with some careful planning. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message