Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Mar 1999 19:30:29 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Mark Newton <newton@camtech.com.au>
Cc:        Archie Cobbs <archie@whistle.com>, ark@eltex.ru, freebsd-security@FreeBSD.ORG
Subject:   Re: FreeBSD SKIP port updated
Message-ID:  <Pine.BSF.3.96.990311192831.6494F-100000@fledge.watson.org>
In-Reply-To: <199903120019.KAA05025@frenzy.ct>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Fri, 12 Mar 1999, Mark Newton wrote:

> Archie Cobbs wrote:
> 
>  > Mark Newton writes:
>  > >  > > I am curious if someone tried to update it to compile in-kernel.
>  > >  > > I don't use LKMs, i have them disabled for security reasons (no flames
>  > >  > > please)
>  > >  > 
>  > >  > Well, there's no reason you couldn't load it at boot time.
>  > >  > Ie, add it to boot.conf (or loader.conf of whatever it's called).
>  > > 
>  > > If you have KLDs disabled that shouldn't work (and it represents a 
>  > > pretty major security issue if it does!)
>  > 
>  > I thought the disabling of KLD's only blocked the kldload() process.
>  > Guess not.
> 
> From a brief look at the source, you might be right.
> 
> This is bad.  I'd think disabling KLDs should totally disable the
> in-kernel linker.  Otherwise someone could get new modules into your
> kernel by adding 'em to loader.rc and forcing a reboot.

Arguably, in a securelevel environment, the {/boot,/modules} directories
should be entirely noschg.  Otherwise the user could specify alternative
kernels, use alternative bootstrap code, etc.  Any of these yields kernel
privileges.

I would argue that disabling kldload in securelevels is a good idea;
removing the ability to have a dynamically linked kernel from /modules et
al is a bad idea; instead, appropriate file protection should be used.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990311192831.6494F-100000>