From owner-freebsd-security Thu Jun 17 5:43:58 1999 Delivered-To: freebsd-security@freebsd.org Received: from sfmailrelay.hamquist.com (sfmailrelay2.hamquist.com [199.108.89.15]) by hub.freebsd.org (Postfix) with SMTP id 424261526A for ; Thu, 17 Jun 1999 05:43:56 -0700 (PDT) (envelope-from rchilders@hamquist.com) Received: from 172.19.6.48 by sfmailrelay.hamquist.com with SMTP ( WorldSecure Server SMTP Relay(WSS) v3.2 SR1); Thu, 17 Jun 99 05:43:27 -0700 X-Server-Uuid: c29e0ff2-e8b9-11d1-a493-00c04fbbd7d3 Received: from hamquist.com ([172.19.6.230]) by sfmail.hamquist.com ( Netscape Messaging Server 3.6) with ESMTP id AAA1474; Thu, 17 Jun 1999 08:43:54 -0400 Message-ID: <3768EE6F.EEE2706F@hamquist.com> Date: Thu, 17 Jun 1999 05:47:43 -0700 From: "Richard Childers" Organization: hambrecht & quist, llc X-Mailer: Mozilla 4.5 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "Warner Losh" Cc: "Pete Fritchman" , "Barrett Richardson" , "Unknow User" , Subject: Re: some nice advice.... References: <199906162224.QAA02435@harmony.village.org> X-WSS-ID: 1B7632E5461580-01-02 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "My kernel is set schg ..." Could you please expand on this ? -- richard Warner Losh wrote: > > In message Pete Fritchman writes: > : If you get compromised, why does it matter? > : The attacker compiles a new kernel, waits for you to reboot, boom. > > Nope. My kernel is set schg and i run at a high secure level so you > can't replace my kernel. > > : It's kind of hard/stupid to think about something in terms of "what if you > : get compromised" - he'll have root and be able to do whatever you are > : thinking about doing (equal privelages) > > No it isn't. You can minimize the damage with some careful planning. > > Warner > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message