Date:      Sat, 6 Oct 2001 16:42:25 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        D J Hawkey Jr <hawkeyd@visi.com>
Cc:        Alexander Langer <alex@big.endian.de>, deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject:   Re: Kernel-loadable Root Kits
Message-ID:  <20011006164225.B350@blossom.cjclark.org>
In-Reply-To: <20011006094650.A19631@sheol.localdomain>; from hawkeyd@visi.com on Sat, Oct 06, 2001 at 09:46:50AM -0500
References:  <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20011004023034.U8391@blossom.cjclark.org> <20011006094650.A19631@sheol.localdomain>

On Sat, Oct 06, 2001 at 09:46:50AM -0500, D J Hawkey Jr wrote:
> Hello, Crist,
> 
> On Oct 04, at 02:30 AM, Crist J. Clark wrote:
> > 
> >   [SNIP]
> > 
> > I went in and made a very simple kernel-build option which disables
> > the use of kldload(2) (and kldunload(2)) at all times. This is not as
> > good as raising securelevel(8) since root can still write to
> > /dev/mem. However, a lot of people in this thread still seem to want
> > this ability. Since you can still write to /dev/mem, it only raises
> > the bar a bit for an attacker. But it does raise the bar enough to
> > possibly foil a skr1pt k1ddi3 or two.
> 
> Hey, thanks. I for one appreciate this hack. One Q though: Is there a
> config flag to link the screen-saver to the kernel? I can't seem to find
> it.

  # Splash screen at start up!  Screen savers require this too.
  pseudo-device   splash

-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org
