From owner-freebsd-security  Fri Jun 18  7:52:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from host07.rwsystems.net (kasie.rwsystems.net [209.197.192.103])
	by hub.freebsd.org (Postfix) with ESMTP id C234614FCB
	for <security@FreeBSD.ORG>; Fri, 18 Jun 1999 07:52:48 -0700 (PDT)
	(envelope-from jwyatt@RWSystems.net)
Received: from kasie.rwsystems.net([209.197.192.103]) (820 bytes) by host07.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@RWSystems.net>) 
	id <m10uzaa-000bxdC@host07.rwsystems.net>
	for <security@FreeBSD.ORG>; Fri, 18 Jun 1999 09:25:52 -0500 (CDT)
	(Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-24)
Date: Fri, 18 Jun 1999 09:25:51 -0500 (CDT)
From: James Wyatt <jwyatt@RWSystems.net>
To: Adrian Steinmann <ast@marabu.ch>
Cc: security@FreeBSD.ORG
Subject: Re: some nice advice....
In-Reply-To: <199906180536.HAA23430@marabu.marabu.ch>
Message-ID: <Pine.BSF.4.05.9906180924430.6084-100000@kasie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 18 Jun 1999, Adrian Steinmann wrote:
> Make sure /boot.config is schg as well, otherwise
> 
>     echo "wd(0,a)/evil_kernel" > /boot.config && reboot
> 
> can circumvent your measures [you could also make / schg, I guess].

Uh, why wouldn't you schg /boot.config?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message