From owner-freebsd-security Thu Jun 17 5:49: 8 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.prime.net.ua (mail.prime.net.ua [195.64.229.2]) by hub.freebsd.org (Postfix) with ESMTP id D75B615400 for ; Thu, 17 Jun 1999 05:48:59 -0700 (PDT) (envelope-from andyo@mail.prime.net.ua) Received: from localhost (andyo@localhost) by mail.prime.net.ua (8.9.3/8.9.3) with SMTP id PAA16431; Thu, 17 Jun 1999 15:47:45 +0300 (EEST) Date: Thu, 17 Jun 1999 15:47:44 +0300 (EEST) From: "Andy V. Oleynik" To: Richard Childers Cc: security@FreeBSD.ORG Subject: Re: some nice advice.... In-Reply-To: <3768EE6F.EEE2706F@hamquist.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org chflags schg /kernel On Thu, 17 Jun 1999, Richard Childers wrote: > > "My kernel is set schg ..." > > Could you please expand on this ? > > > -- richard > > > > Warner Losh wrote: > > > > In message Pete Fritchman writes: > > : If you get compromised, why does it matter? > > : The attacker compiles a new kernel, waits for you to reboot, boom. > > > > Nope. My kernel is set schg and i run at a high secure level so you > > can't replace my kernel. > > > > : It's kind of hard/stupid to think about something in terms of "what if you > > : get compromised" - he'll have root and be able to do whatever you are > > : thinking about doing (equal privelages) > > > > No it isn't. You can minimize the damage with some careful planning. > > > > Warner > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message