On Mon, Sep 03, 2001 at 10:35:22AM -0500, Damieon Stark wrote:
> Greetings all,
>       In my local source tree, I have a small modification to /etc/security
> which I thought would be good to get in the base tree.  The attached .diff
> allows /etc/security to keep a record of all non-device related files located
> in /dev.  Many blackhat utilities and practices include using the /dev
> directory as a location to create sniffer logs, suid binaries, and other evil.
> By keeping a database similar to /var/log/setuid.today, administrators can be
> notified of any changes to /dev.  The diff is against -current, however the
> functionality is unchanged between -stable and -current.

Isn't this blackhat practice rendered useless with DEVFS?

Of course someone who's been hacked cannot rely on DEVFS being mounted
before anything accessed the 'hidden in /dev stuff'.

/me just wondering
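
The snapshot-and-compare check described in the quoted proposal, sketched as an added example; it is not the attached .diff and not FreeBSD's /etc/security code. The function names, the state directory argument and the dev.today / dev.yesterday file names are assumptions modelled on the setuid.today convention the message mentions, and only path names are recorded (no modes or owners).

```shell
#!/bin/sh
# Added example: report non-device entries that appear in or vanish from /dev.
# All names below are hypothetical; they are not taken from the original patch.

# list_nondev DIR
# Print every path under DIR that is neither a character nor a block device,
# sorted in the C locale so successive snapshots compare line by line.
list_nondev() {
    find "$1" ! -type c ! -type b -print 2>/dev/null | LC_ALL=C sort
}

# check_nondev DIR STATE
# Compare the current listing of DIR with STATE/dev.today.
# Prints "+ path" for new entries and "- path" for removed ones, then rotates
# the snapshot. Returns 0 on first run or no change, 1 on change, 2 on error.
# Limitation: paths containing newlines are not handled.
check_nondev() {
    dir=$1
    state=$2
    today=$state/dev.today
    tmp=$(mktemp "$state/dev.XXXXXX") || return 2
    list_nondev "$dir" > "$tmp"

    if [ ! -f "$today" ]; then
        # First run: nothing to compare against, just record the baseline.
        mv "$tmp" "$today"
        return 0
    fi
    if cmp -s "$today" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi

    echo "$dir non-device file changes:"
    LC_ALL=C comm -13 "$today" "$tmp" | sed 's/^/+ /'   # only in new listing
    LC_ALL=C comm -23 "$today" "$tmp" | sed 's/^/- /'   # only in old listing
    mv "$today" "$state/dev.yesterday"
    mv "$tmp" "$today"
    return 1
}

# Typical nightly use (state directory is an assumption):
#   check_nondev /dev /var/log
```

The state directory must sit outside the directory being scanned, otherwise the temporary snapshot file shows up in its own listing.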


