From owner-freebsd-hackers  Tue Jul 27 10:54: 9 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from ns.mt.sri.com (ns.mt.sri.com [206.127.79.91])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6EA421532F; Tue, 27 Jul 1999 10:54:02 -0700 (PDT)
	(envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id LAA16057;
	Tue, 27 Jul 1999 11:53:42 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id LAA26248; Tue, 27 Jul 1999 11:53:41 -0600
Date: Tue, 27 Jul 1999 11:53:41 -0600
Message-Id: <199907271753.LAA26248@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Achim Patzner <ap@bnc.net>
Cc: Nate Williams <nate@mt.sri.com>,
	Julian Elischer <julian@whistle.com>,
	"Brian F. Feldman" <green@FreeBSD.ORG>,
	Matthew Dillon <dillon@apollo.backplane.com>,
	Joe Greco <jgreco@ns.sol.net>, hackers@FreeBSD.ORG,
	freebsd-ipfw@FreeBSD.ORG
Subject: Re: securelevel and ipfw zero
In-Reply-To: <19990727194245.L58970@bnc.net>
References: <Pine.BSF.4.10.9907262322120.35843-100000@janus.syracuse.net>
	<Pine.BSF.3.95.990726204047.28343P-100000@current1.whistle.com>
	<199907271715.LAA25892@mt.sri.com>
	<19990727194245.L58970@bnc.net>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > (Another thing I just thought of is that this could cause DoS attacks on
> > the system if a user compromised root and then set the limit to a very
> > high number.)
> 
> If you have someone going berzerk as "root" on a firewall you're definitely
> going to have a completely different set of headaches. Why should someone
> start DoS attacks after capturing a firewall? It's like painting the
> fingernails before amputating the hand.

So it was a bad example.  If I had enough brain cells to boil a cup of
water for my soup I'd be able to come up with more 'viable' issues where
modifying the counters is a bad thing. :)


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message