Re: Re[2]: snooper watchers

Karl Strickland (karl@bagpuss.demon.co.uk)
Wed, 1 Mar 1995 21:06:41 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Reto Lichtensteiger: "Re: rebooting (was Snooper watchers)"
Previous message: F. L. Charles Seeger III: "Re: Re[2]: snooper watchers"
In reply to: Michael Neuman: "Re: Re[2]: snooper watchers"
Next in thread: System Administrator: "Re: Re[2]: snooper watchers"

> 
> > >      The best thing to do is take the nit support out of the kernel and 
> > >      remove /dev/nit.  Now someone would have to build a new kernel and 
> > >      reboot the machine to replace the nit support.
> > >      
> > is it not possible for a hacker to set his own boot device before performing 
> > his reboot, and then reset it back to whatever-it-was later?  ie by messing 
> > with /dev/openprom or whatever its called
> 
>   Sounds too complex to me... 

im told you can specify devices on a reboot command line anyway, so its not
even that complicated.

But, this is interesting:

>   If you take out NIT, I know of two ways I can put it back in WITHOUT
> rebooting.

Whats the two ways?

> Modifying running kernels isn't all that hard.

Doesnt 'how hard it is' depend on the modifications you're making?

> Remember,
> anything is possible...

Is it still possible if we disallow opening of /dev/[k]mem for write?

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |

Next message: Reto Lichtensteiger: "Re: rebooting (was Snooper watchers)"
Previous message: F. L. Charles Seeger III: "Re: Re[2]: snooper watchers"
In reply to: Michael Neuman: "Re: Re[2]: snooper watchers"
Next in thread: System Administrator: "Re: Re[2]: snooper watchers"