Date: Thu, 16 Apr 1998 20:40:22 -0700 (PDT) From: dima@best.net (Dima Ruban) To: tsprad@set.spradley.tmi.net (Ted Spradley) Cc: dima@best.net, tweten@frihet.com, louie@TransSys.COM, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <199804170340.UAA12029@burka.rdy.com> In-Reply-To: <E0yQ0zz-000653-00@set.spradley.tmi.net> from Ted Spradley at "Apr 16, 98 09:35:31 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Ted Spradley writes: > > Ted Spradley writes: > > > > Excuse me? What are they (users) going to do with kernel name list > > > > besides attempting to hack your machine? > > > > > > No, you've missed Mr. Tweten's point. You don't get to ask. *You* have > > > to prove that there's *nothing* else they could get from reading the > > > kernel. > > > > How can I prove that there's nothing else they can get from reading my kernel, > > if I'm trying to prove opposite? > > You have to prove that there is nothing else besides attempting to hack > your machine that these users could possibly get from reading the kernel. > That is, you have to prove your assertion that there is nothing useful > that users could get from reading the kernel. Ahh, sorry. It was probably problem with my English. Okay. What can user get from being able to read kernel. 1. Debugging symbols and symbol table - user doesn't need that. 2. Possible kernel configuration - questionable. 3. Kernel namelist - user doesn't need that. 4. Kernel copy with possible commercial stuff - user doesn't need that. 5. Kernel copy with possible restricted/crypto - user doesn't need that. stuff. I believe, this is about it, or at least I can't think of anything else. Everything else user can get using standard commands. All of such a commands have sgid on kmem. (This includes netstat/dmesg/systat/nfsstat/w/ps/etc, etc, etc.) > > I just wanted to clarify my wording. I've had quite enough of this subject. We've already wasted far more effort on the discussion than I was attempting to save by preventing a gratuitous change. > Me too. Honestly, I didn't expect any objections on this subject and was quite surprised after receiving so much responces (mostly from you :-) > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804170340.UAA12029>