From owner-freebsd-security Sat Sep 18 0: 6:40 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 583E31585D for ; Sat, 18 Sep 1999 00:06:33 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 2.12 #2) id 11SEZs-0005cZ-00; Sat, 18 Sep 1999 01:06:32 -0600 Message-ID: <37E339F6.F5C889D6@softweyr.com> Date: Sat, 18 Sep 1999 01:06:30 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh Cc: "Rodney W. Grimes" , "Jordan K. Hubbard" , Brett Glass , security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel References: <199909180633.XAA50642@gndrsh.dnsmgr.net> <199909180638.AAA00735@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > > In message <199909180633.XAA50642@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes: > : I've had the fortanate experience of not having to work on any modern > : Digital OS's (last was VMS 5.0 and Ultrix 3.x). I wonder if /dev/audit > : is lifted right out of VMS's SYS$AUDIT:. > > In conversations that I had with folks from inside digital over the > years, I've been told that this was one of the things written in BLISS > that was ported to Ultrix. However, I am suspicious about this > assertion give what I now know about the internals of both VMS and BSD > these days. As Terry used to say, "BLISS is ignorance." A well-defined and well-architected syscall auditing mechanism would be a great security addition, and right up the alley of what I'm looking for. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://softweyr.com/ wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message