freebsd-security Digest, Vol 184, Issue 2
Wes Peters
wes at opensail.org
Wed Nov 8 07:28:20 UTC 2006
On Nov 7, 2006, at 11:22 PM, Alexander Leidinger wrote:
> Quoting Wes Peters <wes at opensail.org> (from Tue, 7 Nov 2006
> 20:19:40 -0800):
>
>> --- /etc/rc.d/dmesg Sat May 6 21:00:26 2006
>> +++ dmesg Tue Nov 7 20:17:47 2006
>> @@ -19,8 +19,10 @@
>> do_dmesg()
>> {
>> - rm -f ${dmesg_file}
>> + mv -f ${dmesg_file} ${dmesg_file}.prev
>> ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
>> + cmp -s ${dmesg_file} ${dmesg_file}.prev || \
>> + logger -p security.warn 'dmesg.boot changed from
>> previous boot'
>> }
>> load_rc_config $name
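Review bot: the new `mv -f ${dmesg_file} ${dmesg_file}.prev` line is unguarded, so the first run with no existing ${dmesg_file} behaves differently from the `rm -f` it replaces. `rm -f` is silent on a missing file, but `mv -f` reports an error, and `cmp -s` then exits non-zero because `.prev` is absent, so the security.warn message is logged although nothing changed. Suggest testing for the file before the move (for example `[ -f "${dmesg_file}" ] && mv -f ...`) and running the cmp/logger pair only when `.prev` exists. The `${dmesg_file}` expansions should also be quoted. Separately, `.prev` keeps whatever mode the old file had rather than being created under the `umask 022` subshell; worth a comment if that is intended.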
>>
>>
>> If you like that, I'm willing to discuss it further, and/or commit it
>> and let the howling tell if it's a keeper or not. ;^)
>
> Did you try this? I didn't, but I would expect to see this message
> _every time_ (because of minor timecounter rate changes).
Yes, but only once, and then forced a change by re-running it. Maybe
I just got 'lucky.' Feel free to suggest 'better' tests, or parts to
throw out of dmesg.boot before the test.
--
Where am I, and what am I doing in this handbasket?
Wes Peters
wes at softweyr.com
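The "parts to throw out of dmesg.boot before the test" idea from the reply above, as an added example that is not code from the thread or from FreeBSD's rc scripts. The function names, the choice of which lines count as boot-to-boot noise, and the sample captures are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Which lines are boot-to-boot noise is
# an assumption; adjust the patterns to what your own hardware prints.

# Print a dmesg capture with measured frequencies masked, so calibration
# jitter does not count as a change but a different CPU model still does.
normalize_dmesg() {
    sed -E \
        -e 's/^(Timecounter "[^"]*" frequency) [0-9]+ Hz/\1 N Hz/' \
        -e 's/\([0-9]+\.[0-9]+-MHz /(N-MHz /' "$1"
}

# Exit 0: captures differ after masking. 1: same. 2: nothing to compare
# (missing file, e.g. the first boot after installing the check).
dmesg_changed() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    [ "$(normalize_dmesg "$1")" != "$(normalize_dmesg "$2")" ]
}

# Constructed sample captures (not real boot logs) written into directory $1.
make_samples() {
    cat > "$1/prev" <<'EOF'
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2793.01-MHz 686-class CPU)
Timecounter "TSC" frequency 2793012345 Hz quality 800
ad0: 76319MB <EXAMPLE DISK 1.0> at ata0-master UDMA100
EOF
    # Same hardware, slightly different calibration results.
    sed -e 's/2793\.01/2793.02/' -e 's/2793012345/2793020011/' \
        "$1/prev" > "$1/same"
    # Same as prev plus one new device line.
    { cat "$1/prev"; echo 'ums0: <EXAMPLE USB DEVICE> on uhub0'; } > "$1/new"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in same new missing; do
    rc=0; dmesg_changed "$tmp/prev" "$tmp/$f" || rc=$?
    echo "prev vs $f: status $rc"
done
rm -rf "$tmp"
```

Masking the numbers rather than deleting the lines keeps the CPU model and timecounter name in the comparison, so only the measured values are ignored.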