From owner-freebsd-bugs Mon Apr 21 10:50:06 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA02936 for bugs-outgoing; Mon, 21 Apr 1997 10:50:06 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA02930; Mon, 21 Apr 1997 10:50:02 -0700 (PDT) Date: Mon, 21 Apr 1997 10:50:02 -0700 (PDT) Message-Id: <199704211750.KAA02930@freefall.freebsd.org> To: freebsd-bugs Cc: From: Paul Traina Subject: Re: kern/3365: LKMs are a security hole -- need way to disable them Reply-To: Paul Traina Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR kern/3365; it has been noted by GNATS. From: Paul Traina To: "Jin Guojun[ITG]" Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: kern/3365: LKMs are a security hole -- need way to disable them Date: Mon, 21 Apr 1997 10:39:53 -0700 From: "Jin Guojun[ITG]" Subject: Re: kern/3365: LKMs are a security hole -- need way to disable them > Any FreeBSD machine where you'd like to stop someone who gains root from > mucking with your kernel. > > >Description: > > It's too easy for someone to gain root and add optional functionality to > your kernel (such as the snp pseudo-device, or perhaps BPF support...albiet > BPF is a bit harder). I am not clear how this can happen. One has to be root (having root access) to do LKM load. Some condition for one modifying the LKM object. So how easy for every one to gain root without root access right. If you put LKM object at a non-secure place, then it is not the LKM problem Just because someone's root doesn't mean that you want them to have the ability to modify your OS. That's the whole point of the schg flag, right now, LKM's are a hole in the securitylevel protection model.