From owner-freebsd-hackers  Sat Aug 22 08:22:04 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA11870
          for freebsd-hackers-outgoing; Sat, 22 Aug 1998 08:22:04 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mail.camalott.com ([208.203.140.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11801
          for <hackers@FreeBSD.ORG>; Sat, 22 Aug 1998 08:22:00 -0700 (PDT)
          (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-114.camalott.com [208.229.74.114])
	by mail.camalott.com (8.8.7/8.8.5) with ESMTP id KAA20863;
	Sat, 22 Aug 1998 10:22:49 -0500
Received: (from joelh@localhost)
	by detlev.UUCP (8.9.1/8.9.1) id KAA04879;
	Sat, 22 Aug 1998 10:21:08 -0500 (CDT)
	(envelope-from joelh)
Date: Sat, 22 Aug 1998 10:21:08 -0500 (CDT)
Message-Id: <199808221521.KAA04879@detlev.UUCP>
To: bright@www.hotjobs.com
CC: karpen@ocean.campus.luth.se, rabtter@aye.net, hackers@FreeBSD.ORG
In-reply-to: <Pine.BSF.3.96.980821203617.3004A-100000@bright.fx.genx.net>
	(message from Alfred Perlstein on Fri, 21 Aug 1998 20:37:09 -0500
	(EST))
Subject: Re: I want to break binary compatibility.
From: Joel Ray Holveck <joelh@gnu.org>
Reply-to: joelh@gnu.org
References:  <Pine.BSF.3.96.980821203617.3004A-100000@bright.fx.genx.net>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sorry about the null msg; slip of the fingers.

>> One simple way could be to just change the "magic number" on the binaries,
>> maybe, and disable all linux compat, etc?
> hrm, how's about doing that, but instead of giving an error, you shutdown
> the system and flush all logs.  sounds bad, but might help you catch them
> in the act.

Hmm... I would tend to prefer something more along the lines of
something like:

  sendpage -l 0 -p rabtter Attempt to use bad magic on `hostname -s`
  while [ ! -e /etc/shutup ] ; do cp alarm.au /dev/audio ; done
  rm /etc/shutup

That way, you don't get an LOS, you can do any analysis you need to
while the perpetrators are still on-line, you (hopefully) have them
logged in for longer (while they try to figure out the problem), etc,
etc.

With a fair bit of work, that can also be implemented in the kernel
(although I'd use a kernel variable that could be set from ddb instead
of -e /etc/shutup).  However, having the kernel launch such a process
from some random file and make it look like a sendmail sending mail or
something may be easier, particularly since you're in a bit of a rush.

Best,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message