From owner-freebsd-security Thu Jun 17 22:48: 6 1999
Delivered-To: freebsd-security@freebsd.org
Received: from icon.iconomic.com (iconomic.com [194.191.122.98]) by hub.freebsd.org (Postfix) with ESMTP id 0141814E06 for ; Thu, 17 Jun 1999 22:48:03 -0700 (PDT) (envelope-from ast@marabu.ch)
Received: (from uucp@localhost) by icon.iconomic.com (8.9.2/8.9.2/ast-19990501) with UUCP id HAA10884; Fri, 18 Jun 1999 07:48:01 +0200 (MEST)
Received: (from uucp@localhost) by hawk.marabu.ch (8.8.8/8.8.8) with UUCP id HAA18437; Fri, 18 Jun 1999 07:41:02 +0200 (MEST) (envelope-from ast@marabu.ch)
Received: by marabu.marabu.ch (8.7.5/990131-ast-8.0) id HAA23430; Fri, 18 Jun 1999 07:36:13 +0200 (CEST)
Message-Id: <199906180536.HAA23430@marabu.marabu.ch>
Content-Type: text/plain
MIME-Version: 1.0 (NeXT Mail 3.3 v118.2)
X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b6)
Received: by NeXT.Mailer (1.118.2)
From: Adrian Steinmann
Date: Fri, 18 Jun 99 07:36:11 +0200
To: security@FreeBSD.ORG
Subject: Re: some nice advice....
X-Organization: Steinmann Consulting, Apollostrasse 21, 8032 Zurich
X-Phone-Numbers: Switzerland, Tel +41 1 380 30 83 Fax +41 1 380 30 85
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh responded to Pete Fritchman:
: If you get compromised, why does it matter?
: The attacker compiles a new kernel, waits for you to reboot, boom.

Nope. My kernel is set schg and I run at a high secure level so you
can't replace my kernel.

Make sure /boot.config is schg as well, otherwise

    echo "wd(0,a)/evil_kernel" > /boot.config && reboot

can circumvent your measures [you could also make / schg, I guess].

A high secure mode will also stop a determined hacker from rewriting
your boot blocks because it disables writing to disk except through
the mounted filesystems ;-)

Adrian Steinmann
_________________________________________________________________________
Dr. Adrian Steinmann  Steinmann Consulting  Apollostrasse 21  8032 Zurich
Tel +41 1 380 30 83  Fax +41 1 380 30 85  Mailto:ast@styx.ch

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
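
An added example, not part of the original message: a small sh function that audits the point made above, reading `ls -lo` output (file flags are the fifth field) and a `kern.securelevel` value and reporting boot-path files that lack `schg`. The `/kernel` path, the sample listing and the name `audit_boot_flags` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that boot-path files carry the schg flag and that the
# securelevel is high enough for the flag to be irremovable (>= 1).

# audit_boot_flags LEVEL  < `ls -lo` lines
# Prints one finding per line; returns 0 when clean, 1 when anything is weak.
audit_boot_flags() {
    awk -v level="$1" '
        BEGIN {
            bad = 0
            if (level + 0 < 1) {
                # Below securelevel 1 root can simply clear schg again.
                print "WEAK securelevel=" level " (schg can be cleared by root)"
                bad = 1
            }
        }
        NF >= 5 {
            # Field 5 is a comma-separated flag list, or "-" when empty.
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++) if (flags[i] == "schg") found = 1
            if (!found) { print "MISSING schg: " $NF; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample listing (not captured from a real host): the kernel is
# protected but /boot.config is not, which is the gap the message describes.
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg 1834512 Jun 17 21:02 /kernel
-rw-r--r--  1 root  wheel  - 20 Jun 17 21:05 /boot.config'

# Demo run on the sample. On a live FreeBSD host the equivalent would be:
#   ls -lo /kernel /boot.config | audit_boot_flags "$(sysctl -n kern.securelevel)"
printf '%s\n' "$SAMPLE_LS" | audit_boot_flags 1 || true
```
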