From owner-freebsd-arch Sun Jul 9 1:20: 9 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from turtle.looksharp.net (cc360882-a.strhg1.mi.home.com [24.2.221.22]) by hub.freebsd.org (Postfix) with ESMTP id 5B1A937B54F for ; Sun, 9 Jul 2000 01:20:04 -0700 (PDT) (envelope-from bsdx@looksharp.net)
Received: from localhost (bsdx@localhost) by turtle.looksharp.net (8.9.3/8.9.3) with ESMTP id EAA25942; Sun, 9 Jul 2000 04:19:59 -0400 (EDT) (envelope-from bsdx@looksharp.net)
Date: Sun, 9 Jul 2000 04:19:59 -0400 (EDT)
From: Adam
To: Alfred Perlstein
Cc: arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
In-Reply-To: <20000709000458.M25571@fw.wintelcom.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 9 Jul 2000, Alfred Perlstein wrote:

>Ok, I noticed that with a bit of hacking the snp device can be made
>loadable. Making it unloadable is a bit of a pain, but I can
>implement it using refcounting on the amount of ttys that have snp
>devices hooked onto them so that the machine doesn't panic if you
>unload it.
>
>The 'problem' that happens is that kern/tty.c now needs to include
>snoop.h unconditionally, and it also has to provide some externally
>visible pointers to functions for the loadable snoop device to
>hook into.
>
>Basically, does anyone have a problem with snp becoming loadable
>before I commit to finishing off the work? (it's loadable now, but
>not unloadable).

Would it make sense to have a kernel option or something to disable this feature without using securelevels? I'm thinking of the situation where the owner of a computer is paranoid (or highly ethical) and strongly dislikes the snooping ability, yet other root users on the machine might not have the same standards and try to sneak in a module to peek around quick or cause trouble with other users.
As it is now you would have to cause quite a commotion by at least rebooting the machine...
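
The two ideas in this message, as an added example that is not part of the original thread and not FreeBSD source: a user-space C model of a tty layer exporting a hook pointer, a snoop module that refuses to unload while any tty is still attached, and a switch that blocks loading altogether. Every name here (tty_snoop_hook, snoop_disabled, the snp_* functions) is hypothetical.

```c
/* User-space model only; not kernel code. All identifiers are hypothetical. */
#include <errno.h>
#include <stddef.h>

struct tty { int snooped; };

/* Hook the tty layer exports; NULL while no snoop module is loaded. */
static void (*tty_snoop_hook)(struct tty *, const char *, size_t) = NULL;
/* Models the owner's "kernel option": nonzero means snooping is disabled. */
static int snoop_disabled = 0;
static int snp_refs = 0;      /* ttys with a snoop device hooked on */
static size_t snp_seen = 0;   /* bytes the module has observed */

static void snp_input(struct tty *tp, const char *buf, size_t len)
{
    (void)buf;
    if (tp->snooped)
        snp_seen += len;
}

int snp_load(void)
{
    if (snoop_disabled) return EPERM;        /* refused regardless of caller */
    if (tty_snoop_hook != NULL) return EEXIST;
    tty_snoop_hook = snp_input;
    return 0;
}

int snp_attach(struct tty *tp)
{
    if (tty_snoop_hook == NULL) return ENXIO; /* module not loaded */
    if (tp->snooped) return EBUSY;
    tp->snooped = 1;
    snp_refs++;
    return 0;
}

int snp_detach(struct tty *tp)
{
    if (!tp->snooped) return EINVAL;
    tp->snooped = 0;
    snp_refs--;
    return 0;
}

int snp_unload(void)
{
    if (snp_refs > 0) return EBUSY; /* a tty still calls into the module */
    tty_snoop_hook = NULL;          /* clear hook before the code goes away */
    return 0;
}

/* tty input path: calls through the hook only when one is installed. */
void tty_input(struct tty *tp, const char *buf, size_t len)
{
    if (tty_snoop_hook != NULL)
        tty_snoop_hook(tp, buf, len);
}
```
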