From owner-freebsd-arch  Sun Jul  9 16:46: 4 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from mail-relay.eunet.no (mail-relay.eunet.no [193.71.71.242])
	by hub.freebsd.org (Postfix) with ESMTP id 9D96637B52D
	for <arch@FreeBSD.ORG>; Sun,  9 Jul 2000 16:46:01 -0700 (PDT)
	(envelope-from mbendiks@eunet.no)
Received: from login-1.eunet.no (login-1.eunet.no [193.75.110.2])
	by mail-relay.eunet.no (8.9.3/8.9.3/GN) with ESMTP id BAA86515;
	Mon, 10 Jul 2000 01:45:59 +0200 (CEST)
	(envelope-from mbendiks@eunet.no)
Received: from localhost (mbendiks@localhost)
	by login-1.eunet.no (8.9.3/8.8.8) with ESMTP id BAA88611;
	Mon, 10 Jul 2000 01:45:59 +0200 (CEST)
	(envelope-from mbendiks@eunet.no)
X-Authentication-Warning: login-1.eunet.no: mbendiks owned process doing -bs
Date: Mon, 10 Jul 2000 01:45:59 +0200 (CEST)
From: Marius Bendiksen <mbendiks@eunet.no>
To: Adam <bsdx@looksharp.net>
Cc: "Daniel C. Sobral" <dcs@newsguy.com>,
	Alfred Perlstein <bright@wintelcom.net>, arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
In-Reply-To: <Pine.BSF.4.21.0007091330090.407-100000@turtle.looksharp.net>
Message-ID: <Pine.BSF.4.05.10007100142160.88568-100000@login-1.eunet.no>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I think you missed my point.  I'm not talking about hackers at all; if a
> hacker can load a module the game is already over.  I'm talking about
> legit people with root who might do things behind the back of the person
> who compiled the kernel without snp in the first place.  

This constitutes illigitimate use of superpowers, in my book. Clear such
things with your coadmins in advance. If you cannot trust them to stick
with your policy decisions, then they should not have root in the first
place. And if you actually give them root, then you've really shot your
self in the foot, which Unix is supposed to do without asking any
questions, provided you point the gun in that direction, and pull the
trigger.

> If this change goes in, what do you do if you wish not to have snooping
> capable through the snp device and do not wish to lock unneccessary parts
> of the system down with securelevel?

You rewrite the securelevel code, or pay someone to do so.
Or, as a very, very limited way of making it more work for the would-be
snooper, you could remove the snoop module and sources. Not that it would
be any work for them to get hold of it anyhow. And, as DCS stated, there
are pre-made klds out there which would assist them better in this
illegitimate use, anyhow.

Marius



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message