On Mon, Sep 03, 2001 at 10:35:22AM -0500, Damieon Stark wrote:
> Greetings all,
>       In my local source tree, I have a small modification to /etc/security
> which I thought would be good to get in the base tree.  The attached .diff
> allows /etc/security to keep a record of all non-device related files located
> in /dev.  Many blackhat utilities, and practices include using the /dev
> directory as a location to create sniffer logs, suid binaries, and other evil.
> By keeping a database similar to /var/log/setuid.today, administrators can be
> notified of any changes to /dev.  The diff is against -current, however the
> functionality is unchanged between -stable and -current.

Isn't this blackhat practice rendered useless with DEVFS ?

Of course someone who's been hacked cannot rely on DEVFS being mounted
before anything accessed the 'hidden in /dev stuff'.

/me just wondering


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to