From owner-freebsd-questions Mon Sep 6 10:36: 4 1999 Delivered-To: freebsd-questions@freebsd.org Received: from out1.mx.skynet.be (out1.mx.skynet.be [195.238.2.36]) by hub.freebsd.org (Postfix) with ESMTP id 88B95158EE; Mon, 6 Sep 1999 10:35:54 -0700 (PDT) (envelope-from blk@skynet.be) Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121]) by out1.mx.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id TAA28322; Mon, 6 Sep 1999 19:42:17 +0200 (MET DST) Mime-Version: 1.0 X-Sender: blk@foxbert.skynet.be Message-Id: In-Reply-To: References: Date: Mon, 6 Sep 1999 19:30:56 +0200 To: Dag-Erling Smorgrav From: Brad Knowles Subject: Re: softupdates in latest build? Cc: Pascal Hofstee , freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 7:05 PM +0200 1999/9/6, Dag-Erling Smorgrav wrote: > Read /usr/src/COPYRIGHT. > > THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND > ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > ARE DISCLAIMED. And as any lawyer can tell you, this doesn't mean anything. The sharks are slobbering all over themselves to nail Microsoft over the recent problems with hotmail, and FreeBSD Inc. could very easily be setting themselves up for a similar lawsuit. Especially since this was a change that was not very widely announced (I sure didn't see anything even in /usr/src/UPDATING, much less on any other web pages or anything else I've read so far), and this is a negative change from previous behaviour. Furthermore, this is built into the GENERIC kernel (and turned on by default), and we all know that the vast majority of sites will never figure out how to build their own kernel, nor will they have any real use for this feature. Once on a box, it's trivially easy to get root. In fact, with various rootkits lying around, it's easy to do this programmatically and gain root access to hundreds, thousands, tens of thousands of machines in just a few minutes. However, it might be a bit more difficult to script creating and installing a new kernel to turn on the ability for people to do password sniffing. If this feature isn't enabled by default, you at least have the chance that it would be more noticable for them to build and install a new sniffing-capable kernel, and increase the chance by just that smidgen more that people would actually see anomolous behaviour when their machines are compromised, and potentially be capable of preventing further damage to their networks and systems. -- These are my opinions -- not to be taken as official Skynet policy ____________________________________________________________________ |o| Brad Knowles, Belgacom Skynet NV/SA |o| |o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o| |o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o| |o| http://www.skynet.be Belgium |o| \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ Unix is like a wigwam -- no Gates, no Windows, and an Apache inside. Unix is very user-friendly. It's just picky who its friends are. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message