From owner-freebsd-hackers Tue Jul 27 10:25: 5 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 24E28151FC; Tue, 27 Jul 1999 10:24:58 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id KAA54897; Tue, 27 Jul 1999 10:24:47 -0700 (PDT) (envelope-from dillon) Date: Tue, 27 Jul 1999 10:24:47 -0700 (PDT) From: Matthew Dillon Message-Id: <199907271724.KAA54897@apollo.backplane.com> To: Nate Williams Cc: "Brian F. Feldman" , Joe Greco , hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: Re: securelevel and ipfw zero References: <199907270348.UAA49943@apollo.backplane.com> <199907271718.LAA25910@mt.sri.com> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :I just thought of a bad thing. If you allowed the counters to be zero'd :(or advanced) at securelevel == 3, then a 'malicious user' could write a :cronjob to continually reset them and cause a DoS attack on the system :(or in the case of advance, reset them to ridiculously high values), :thus filling up the disk. : :However, one could argue that *IF* they have root, they could just as :easily fill the disk with garbage and cause the same attack, ie; : :# dd if=/dev/zero of=/var/log/misc The hacker w/ root would have to be a complete bozo to write a cron job or loop to clear the ipfw counters rather then do something else that really blows the machine away! It isn't a scenario that fills me with fear. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message