Date: Sat, 6 Oct 2001 16:42:25 -0700
From: "Crist J. Clark"
To: D J Hawkey Jr
Cc: Alexander Langer, deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
Message-ID: <20011006164225.B350@blossom.cjclark.org>

On Sat, Oct 06, 2001 at 09:46:50AM -0500, D J Hawkey Jr wrote:
> Hello, Crist,
>
> On Oct 04, at 02:30 AM, Crist J. Clark wrote:
> >
> > [SNIP]
> >
> > I went in and made a very simple kernel-build option which disables
> > the use of kldload(2) (and kldunload(2)) at all times. This is not as
> > good as raising securelevel(8) since root can still write to
> > /dev/mem. However, a lot of people in this thread still seem to want
> > this ability. Since you can still write to /dev/mem, it only raises
> > the bar a bit for an attacker. But it does raise the bar enough to
> > possibly foil a skr1pt k1ddi3 or two.
>
> Hey, thanks. I for one appreciate this hack. One Q though: Is there a
> config flag to link the screen-saver to the kernel? I can't seem to find
> it.

# Splash screen at start up!  Screen savers require this too.
pseudo-device   splash

-- 
Crist J. Clark
cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org