Date: Sun, 9 Jul 2000 18:02:27 -0700
From: Alfred Perlstein
To: "Jeroen C. van Gelderen"
Cc: Marius Bendiksen, Adam, arch@FreeBSD.ORG
Subject: Re: making the snoop device loadable.
Message-ID: <20000709180227.W25571@fw.wintelcom.net>
References: <39691C98.2C0DF9F7@vangelderen.org>
In-Reply-To: <39691C98.2C0DF9F7@vangelderen.org>; from jeroen@vangelderen.org on Sun, Jul 09, 2000 at 08:45:12PM -0400

* Jeroen C. van Gelderen [000709 17:45] wrote:
> Marius Bendiksen wrote:
> >
> > > Why did it exist from FreeBSD-WhoKnowsWhen until 1999? I'd like to use X
> >
> > As I recall, this had something to do with shrinking the kernel for
> > PicoBSD, amongst other things.
> >
> > > why NO_LKM is bad but couldn't find anything. Could you help me find a
> > > discussion on it or tell me why disabling kernel modules is *not*
> > > security? Assuming I'd notice a reboot and would consequently whup some
> > > butt if someone did.
> >
> > Thing is; disabling kernel modules will avail you little, as an
> > illegitimate user can still use the memory devices to access physical
> > memory, and thus binary patch a live kernel. This is hard, but it can, and
> > has been done.
>
> Sure. But that may not be in one's threat model. Sure, a
> NO_KLD could be worked around in theory but maybe not in
> practice; Which means it can be very useful albeit maybe
> not for you.

It's not very useful, the second some weenie posts his canned
"load a kld on freebsd even with NO_KLD" 'sploit', it'll all be
over in a most embarrassing way, all admins foolishly relying on
such 'protection' will have to scramble to fix things properly.

Here's it in a nutshell, it was less than trivial to get the snoop
device loadable. Right now there is no 'NO_KLD' switch. Raise
secure level or don't give out root.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."