From owner-freebsd-stable Tue Sep 7 1:22:14 1999 Delivered-To: freebsd-stable@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 8227815B6D for ; Tue, 7 Sep 1999 01:22:08 -0700 (PDT) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id KAA27834; Tue, 7 Sep 1999 10:22:03 +0200 (CEST) (envelope-from des) To: Alex Perel Cc: Brad Knowles , Dag-Erling Smorgrav , Pascal Hofstee , freebsd-stable@FreeBSD.ORG Subject: Re: softupdates in latest build? References: From: Dag-Erling Smorgrav Date: 07 Sep 1999 10:22:02 +0200 In-Reply-To: Alex Perel's message of "Mon, 6 Sep 1999 15:35:16 -0400 (EDT)" Message-ID: Lines: 25 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Alex Perel writes: > On Mon, 6 Sep 1999, Brad Knowles wrote: > > However, it might be a bit more difficult to script creating and > > installing a new kernel to turn on the ability for people to do > > password sniffing. [...] > Huh? > # echo 'pseudo-device bpf' >> MYKERNEL > # config MYKERNEL > etc. Actually, it's still "bpfilter" in -STABLE. I didn't MFC the name change, since it would have been a gratuitous breach of POLA. > And what are you going to do when bpf becomes a KLD? Scream and shout that > KLDs are evil because they let a cracker who obtained superuser privilige to > load BPF support? KLD modules already let you do much, much more serious stuff than this (refer to Pragmatic/THC's recent article about writing stealth modules to hijack syscalls: http://thc.pimmel.com/files/thc/bsdkern.html), but like bpf, if the attacker can use them (s)he already has root. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message