Date: Sun, 18 Feb 2001 21:24:42 +0200 From: Nevermind <never@nevermind.kiev.ua> To: Carroll Kong <damascus@home.com> Cc: Brian Reichert <reichert@numachi.com>, freebsd-security@FreeBSD.ORG Subject: Re: Remote logging Message-ID: <20010218212442.A68304@nevermind.kiev.ua> In-Reply-To: <4.2.2.20010218133626.00c04f00@netmail.home.com>; from damascus@home.com on Sun, Feb 18, 2001 at 01:40:21PM -0500 References: <p04330104b6b573740812@[192.168.0.98]> <p04330104b6b573740812@[192.168.0.98]> <20010218132255.L91352@numachi.com> <4.2.2.20010218133626.00c04f00@netmail.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, Carroll Kong! On Sun, Feb 18, 2001 at 01:40:21PM -0500, you wrote: > That is a good idea, however, what is to stop the enemy from killing=20 > syslogd as his first option? I do not think syslogd logs when it gets=20 > killed? So, despite the secure log host, he might not get the valuable= =20 > info he needs. I suppose you could then start speculating a break in if= =20 > there are no more MARKs since syslogd is dead. Even that could be=20 > fabricated I suppose. Ugh. Security sure is tough to implement=20 > fully. Not trying to say you are wrong, just that I am curious how does= =20 > one stop this possible problem? Have you found a way to avoid it? I sometimes think about some flag on process so that once launched it canno= t be killed without specifying password... I don't know if it will be correct to existing process model... What are you thinking about that? --=20 NEVE-RIPE The instructions said to install Windows 98 or better, so I installed FreeBSD. --ReaqsoxgOBHFXBhH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kCF5pCk6epJSQlIRAqlMAJ4/1oBMG2Nq/CcTY8hXjflGYdhVSACgoBHQ Rjq2gGD0t+FJ8LnmwNaySVw= =9Lhm -----END PGP SIGNATURE----- --ReaqsoxgOBHFXBhH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010218212442.A68304>