| From | Sent On | Attachments |
|---|---|---|
| Alfred Perlstein | Jul 9, 2000 12:04 am | |
| Adam | Jul 9, 2000 1:19 am | |
| Alfred Perlstein | Jul 9, 2000 3:33 am | |
| Adam | Jul 9, 2000 6:25 am | |
| Daniel C. Sobral | Jul 9, 2000 6:52 am | |
| Boris Popov | Jul 9, 2000 7:20 am | |
| Adam | Jul 9, 2000 10:45 am | |
| Poul-Henning Kamp | Jul 9, 2000 10:49 am | |
| Wilko Bulte | Jul 9, 2000 10:59 am | |
| Adam | Jul 9, 2000 11:12 am | |
| Poul-Henning Kamp | Jul 9, 2000 11:16 am | |
| Adam | Jul 9, 2000 11:56 am | |
| Alfred Perlstein | Jul 9, 2000 12:06 pm | |
| Adam | Jul 9, 2000 12:35 pm | |
| Alfred Perlstein | Jul 9, 2000 1:13 pm | |
| Adam | Jul 9, 2000 1:19 pm | |
| John Baldwin | Jul 9, 2000 1:24 pm | |
| Adam | Jul 9, 2000 1:25 pm | |
| Adam | Jul 9, 2000 1:30 pm | |
| John Baldwin | Jul 9, 2000 1:34 pm | |
| Adam | Jul 9, 2000 2:56 pm | |
| John Baldwin | Jul 9, 2000 3:08 pm | |
| Doug Barton | Jul 9, 2000 4:39 pm | |
| Marius Bendiksen | Jul 9, 2000 4:40 pm | |
| Marius Bendiksen | Jul 9, 2000 4:45 pm | |
| Marius Bendiksen | Jul 9, 2000 4:47 pm | |
| Marius Bendiksen | Jul 9, 2000 4:53 pm | |
| Alfred Perlstein | Jul 9, 2000 4:56 pm | |
| Jeroen C. van Gelderen | Jul 9, 2000 5:36 pm | |
| Jeroen C. van Gelderen | Jul 9, 2000 5:38 pm | |
| Jeroen C. van Gelderen | Jul 9, 2000 5:44 pm | |
| Alfred Perlstein | Jul 9, 2000 6:02 pm | |
| Mike Smith | Jul 9, 2000 8:27 pm | |
| Mike Smith | Jul 9, 2000 8:35 pm | |
| Adam | Jul 9, 2000 9:06 pm | |
| Dag-Erling Smorgrav | Jul 10, 2000 12:08 am | |
| Peter Wemm | Jul 10, 2000 1:01 am | |
| Andrzej Bialecki | Jul 10, 2000 3:36 am | |
| Bruce Evans | Jul 10, 2000 4:48 am | |

| Subject: | Re: making the snoop device loadable. | |
|---|---|---|
| From: | Jeroen C. van Gelderen (jer...@vangelderen.org) | |
| Date: | Jul 9, 2000 5:36:46 pm | |
| List: | org.freebsd.freebsd-arch | |
Alfred Perlstein wrote:
* Adam <bs...@looksharp.net> [000709 11:57] wrote:
On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
In message <Pine...@turtle.looksharp.net>, Adam writes:
On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
If this change goes in, what do you do if you wish not to have snooping capable through the snp device and do not wish to lock unnecessary parts of the system down with securelevel?
You do the same as before: Hold on tight to your root password.
I don't like kernel changes that make the kernel do less babysitting and me more. Tough, I guess.
You have always needed to babysit your root password.
Ok, I give in to the argument. I would just like to make a wish. On Jan 24 1999 peter took the NO_LKM option out of LINT. I assume the support for it in other files was removed around that time also. Could someone implement a NO_KLD option so you don't need to use securelevel > 0 so people have an obvious option and don't have to know the kernel well enough to hack syscalls.master?
More security through obscurity when /dev/mem and /dev/kmem are accessible.
Nope, this is a valid request nonetheless. It doesn't give perfect security but neither does SSH. There are a whole lot more people who can write a kld than there are people who can patch a running kernel through /dev/mem.
Implementing a NO_KLD option would be harmless and have good uses on boxes where the secure level *cannot* be upped. It doesn't affect security negatively if one doesn't use it.
It's not up to you to dictate what Adam should do. Neither is it my job to tell you that you must verify all SSH host-key fingerprints before you accept them!
Bite the bullet and up your securelevel!
Not a good idea on all systems. Convenience sometimes outweighs security. FreeBSD is about tools, not about policy.
Cheers, Jeroen
-- Jeroen C. van Gelderen, jer...@vangelderen.org