From owner-freebsd-arch  Sun Jul  9 12: 7:23 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id EB1B237B56E
	for <arch@FreeBSD.ORG>; Sun,  9 Jul 2000 12:07:19 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e69J75000772;
	Sun, 9 Jul 2000 12:07:05 -0700 (PDT)
Date: Sun, 9 Jul 2000 12:07:05 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Adam <bsdx@looksharp.net>
Cc: arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
Message-ID: <20000709120705.Q25571@fw.wintelcom.net>
References: <17526.963166640@critter.freebsd.dk> <Pine.BSF.4.21.0007091453481.407-100000@turtle.looksharp.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.BSF.4.21.0007091453481.407-100000@turtle.looksharp.net>; from bsdx@looksharp.net on Sun, Jul 09, 2000 at 02:57:02PM -0400
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Adam <bsdx@looksharp.net> [000709 11:57] wrote:
> On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> 
> >In message <Pine.BSF.4.21.0007091411480.407-100000@turtle.looksharp.net>, Adam 
> >writes:
> >>On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> >>
> >>>
> >>>>If this change goes in, what do you do if you wish not to have snooping
> >>>>capable through the snp device and do not wish to lock unneccessary parts
> >>>>of the system down with securelevel?
> >>>
> >>>You do the same as before:  Hold on tight to your root password.
> >>
> >>I dont like kernel changes that make the kernel do less babysitting and me
> >>more.  Tough, I guess.  
> >
> >You have always needed to babysit your root password.
> 
> Ok, I give in to the argument.  I would just like to make a wish.  On Jan
> 24 1999 peter took the NO_LKM option out of LINT.  I assume the support
> for it in other files was removed around that time also.  Could someone
> implement a NO_KLD option so you dont need to use securelevel > 0 so
> people have an obvious option and dont have to know the kernel well enough
> to hack syscalls.master?  

More security through obscurity when /dev/mem and /dev/kmem are
accessable.

Bite the bullet and up your securelevel!

-Alfred


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message