From owner-freebsd-security  Fri May 22 03:07:05 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA21516
          for freebsd-security-outgoing; Fri, 22 May 1998 03:07:05 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from portal.eltex.spb.ru ([195.19.195.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA21488
          for <freebsd-security@FreeBSD.ORG>; Fri, 22 May 1998 03:06:51 -0700 (PDT)
          (envelope-from ark@eltex.spb.ru)
From: ark@eltex.spb.ru
Received: from paranoid.eltex.spb.ru (border1.eltex.spb.ru [194.58.218.11] (may be forged))
	by portal.eltex.spb.ru (8.8.8/8.8.8) with ESMTP id OAA02725;
	Fri, 22 May 1998 14:01:12 +0400 (MSD)
Received: (from ark@localhost) by paranoid.eltex.spb.ru (8.8.8/8.7.3) id OAA16417; Fri, 22 May 1998 14:02:08 GMT
Date: Fri, 22 May 1998 14:02:08 GMT
Message-Id: <199805221402.OAA16417@paranoid.eltex.spb.ru>
In-Reply-To: <199805211901.PAA23176@brain.zeus.leitch.com> from "woods@zeus.leitch.com (Greg A. Woods)"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Virus on FreeBSD
To: freebsd-security@FreeBSD.ORG
Cc: regnauld@deepo.prosa.dk
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

woods@zeus.leitch.com (Greg A. Woods) said :

> [ On Thu, May 21, 1998 at 18:15:55 (+0200), Philippe Regnauld wrote: ]
> > Subject: Re: Virus on FreeBSD
> >
> > Greg A. Woods writes:
> > 
> > > Anyone who's read that article and has even the tiniest amount of
> > > imagination would *NEVER* run LKMs on a production machine.  Sure
> > 
> > 	BTW, is there a mechanism to disable loading of LKMs ?
> > 	(of course, removing the modload command is one way) -- I was
> > 	thinking about something that looked at the securelevel
> > 	and refused to load/unload a module depending on it.
> 
> Not difficult at all, thankfully.  Just define NO_LKM in your kernel
> configuration (from the /sys/i386/conf/LINT kernel config example):
> 
> 	# If you want to disable loadable kernel modules (LKM), you
> 	# might want to use this option.
> 	options         NO_LKM
> 
> I've not done a code walkthrough to ensure this is 100%, but it's a good
> start and at least prevents modload from being useful.

2.1.7.1 does not have NO_LKM option in LINT. Don't know if it does
something for that system. 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNWWFX6H/mIJW9LeBAQHp/AQAicOQcxk6CZAO3VSxnLHKAIYSsyRgj+2i
/1U6AEmn1wI+VdbEk9o/1xxMAMFsV89UWwf3qhZi+qbSWdUvY7kxY7WNJe/mEi3Y
uQqfkEwbSQgTTUZc1SUbxdqV+Za/7MS8Y4oxct3640oCBbsSuAjcQG44p7ZxpBqE
aYfqvFlu5gg=
=mPGa
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message