From owner-freebsd-security@FreeBSD.ORG Wed Sep 26 04:40:26 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C5ECC106566B for ; Wed, 26 Sep 2012 04:40:26 +0000 (UTC) (envelope-from mousedz23499@workoblue.33mail.com) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) by mx1.freebsd.org (Postfix) with ESMTP id A3D9F8FC0C for ; Wed, 26 Sep 2012 04:40:26 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1TGjQ4-00020l-0w for freebsd-security@freebsd.org; Tue, 25 Sep 2012 21:40:20 -0700 Date: Tue, 25 Sep 2012 21:40:20 -0700 (PDT) From: moused86799 To: freebsd-security@freebsd.org Message-ID: <1348634420023-5746974.post@n5.nabble.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Wed, 26 Sep 2012 11:47:45 +0000 Subject: Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2012 04:40:26 -0000 one way of attacking the OS 1.search the lists http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html 2.)mouse intermittent works if problem with dbus-daemon 3.)analyze - dbus-daemon is a 'relatively unknown' and extra DEPENDENCY of moused 4.)set kern.securelevel=333 5.)interrupt control of moused root /usr/sbin/moused -F 200 -A 1.5.2.0 -a 0.7 -r high -V -p /dev/psm0 -t auto 6.)alt to port /dev/psm0 - not completed so, how can anything dbus be ELIMINATED from the OS? *details using dtpstree init-+-adjkerntz |-console-kit-daemon |-devd |-moused |-dbus-daemon |-polkitd |-swapexd |-7*[getty] |-gpg-agent |-2*[gam_server] |-login---shell--sh---xinit-+-Xorg | `-fluxbox-+-terminal |-***network question: how can dbus or dbus-daemon be eliminated from the basic OS configuration for a developer workstation? Thank you. -- View this message in context: http://freebsd.1045724.n5.nabble.com/Vulnerability-moused-dependency-on-dbus-daemon-how-to-get-rid-of-DBUS-tp5746974.html Sent from the freebsd-security mailing list archive at Nabble.com.