From owner-freebsd-bugs  Mon Apr 21 10:10:06 1997
Return-Path: <owner-bugs>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id KAA01167
          for bugs-outgoing; Mon, 21 Apr 1997 10:10:06 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id KAA01160;
          Mon, 21 Apr 1997 10:10:03 -0700 (PDT)
Date: Mon, 21 Apr 1997 10:10:03 -0700 (PDT)
Message-Id: <199704211710.KAA01160@freefall.freebsd.org>
To: freebsd-bugs
Cc: 
From: "Jin Guojun[ITG]" <jin@george.lbl.gov>
Subject: Re: kern/3365: LKMs are a security hole -- need way to disable them
Reply-To: "Jin Guojun[ITG]" <jin@george.lbl.gov>
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR kern/3365; it has been noted by GNATS.

From: "Jin Guojun[ITG]" <jin@george.lbl.gov>
To: FreeBSD-gnats-submit@FreeBSD.ORG, pst@jnx.com
Cc:  Subject: Re: kern/3365: LKMs are a security hole -- need way to disable them
Date: Mon, 21 Apr 1997 10:06:14 -0700

 > Any FreeBSD machine where you'd like to stop someone who gains root from
 > mucking with your kernel.
 > 
 > >Description:
 > 
 > It's too easy for someone to gain root and add optional functionality to
 > your kernel (such as the snp pseudo-device, or perhaps BPF support...albiet
 > BPF is a bit harder).
 
 I am not clear how this can happen. One has to be root (having root access)
 to do LKM load. Some condition for one modifying the LKM object. So how easy
 for every one to gain root without root access right.
 
 If you put LKM object at a non-secure place, then it is not the LKM problem :-)
 
 -Jin