Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 9 Jul 2000 03:33:29 -0700
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Adam <bsdx@looksharp.net>
Cc:        arch@FreeBSD.ORG
Subject:   Re: making the snoop device loadable.
Message-ID:  <20000709033329.N25571@fw.wintelcom.net>
In-Reply-To: <Pine.BSF.4.21.0007090414370.407-100000@turtle.looksharp.net>; from bsdx@looksharp.net on Sun, Jul 09, 2000 at 04:19:59AM -0400
References:  <20000709000458.M25571@fw.wintelcom.net> <Pine.BSF.4.21.0007090414370.407-100000@turtle.looksharp.net>

next in thread | previous in thread | raw e-mail | index | archive | help
* Adam <bsdx@looksharp.net> [000709 01:20] wrote:
> On Sun, 9 Jul 2000, Alfred Perlstein wrote:
> 
> >Ok, I noticed that with a bit of hacking the snp device can be made
> >loadable.  Making it unloadable is a bit of a pain, but I can
> >implement it using refcounting on the amount of ttys that have snp
> >devices hooked onto them so that the machine doesn't panic if you
> >unload it.
> >
> >The 'problem' that happens is that kern/tty.c now needs to include
> >snoop.h unconditionally, and it also has to provide some exernally
> >visible pointers to functions for the loadable snoop device to 
> >hook into.
> >
> >Basically, does anyone have a problem with snp becoming loadable
> >before I commit to finishing off the work? (it's loadable now, but
> >not unloadable).
> 
> Would it make sense to have a kernel option or something to disable this
> feature without using securelevels?  I'm thinking of the situation of the
> owner of a computer is paranoid (or highly ethical) and strongly dislikes
> the snooping ability yet other root users on the machine might not have 
> the same standards and try to sneak in a module to peek around quick or
> cause trouble with other users.  As it is now you would have to cause
> quite a commotion by at least rebooting the machine...

This is security through irritation, a well crafted kernel module
could upsurp the tty subsystem and make snooping possible anyway.

If you don't want it loadable (or possible) then you must raise
securelevel.

My initial implementation seemed to work just by loading the module,
which was very strange considering that several calls into the snoop
module weren't being made.  It could have been a lack of sleep and 
I imagined this 'feature', but it's possible.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000709033329.N25571>