From owner-freebsd-security Mon Oct 22 16:50:12 2001
Date: Mon, 22 Oct 2001 16:49:32 -0700
From: "Crist J. Clark"
To: CS
Cc: The Psychotic Viper, Andrew Johns, "freebsd-security@FreeBSD.ORG"
Subject: Re: KLD detectors
Message-ID: <20011022164932.C364@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011022025913.G26647-100000@lucifer.fuzion.ath.cx> <20011022150129.G60205-100000@bigpoop.foo.foo>
In-Reply-To: <20011022150129.G60205-100000@bigpoop.foo.foo>; from spork@fasttrackmonkey.com on Mon, Oct 22, 2001 at 03:07:08PM -0400

On Mon, Oct 22, 2001 at 03:07:08PM -0400, CS wrote:
> Hi,
>
> Thanks for the info, I'll test it out on a few I've found (bsd versions of
> adore).
>
> I'm also interested in utilizing securelevels, but I'm still not 100% sure
> that securelevel 1 will actually stop this, as there seem to be a number
> of tools out there to bypass the securelevel restriction.  For example:
>
> http://www.s0ftpj.org/en/tools.html
>
> Scroll down to "securelevel bypass":
> http://www.s0ftpj.org/tools/securelvl.tgz

If you actually look at what this is, it is a KLD that, once loaded,
will allow users to load KLDs at securelevel > 0. If you have a
securelevel > 0 and do not already have this module loaded, it doesn't
do anything for you. It doesn't break securelevel(8) or provide a
workaround.
-- 
Crist J. Clark                     | cjclark@alum.mit.edu
                                   | cjclark@jhu.edu
http://people.freebsd.org/~cjc/    | cjc@freebsd.org
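
An added example, not part of the original message: because a module loaded before the securelevel is raised stays loaded, this check compares the modules `kldstat` reports with an allowlist and reads the result together with `kern.securelevel`. The function names, `ALLOWED_KLDS` and the sample `kldstat` text are constructed for illustration, and the check assumes the kernel's module list is truthful.

```shell
#!/bin/sh
# Added example: audit loaded KLDs against an allowlist alongside securelevel.

# Constructed sample of `kldstat` output (not taken from the original message).
SAMPLE_KLDSTAT='Id Refs Address    Size     Name
 1    3 0xc0100000 2d5c2c   kernel
 2    1 0xc03d6000 4d90     if_fxp.ko
 3    1 0xc1a2b000 2000     example_unknown.ko'

# Hypothetical allowlist: modules the administrator expects to be loaded.
ALLOWED_KLDS='kernel if_fxp.ko miibus.ko'

# Print module names from kldstat text on stdin (last column, header skipped).
kld_names() {
    awk 'NR > 1 && NF >= 5 { print $NF }'
}

# Print every module on stdin that is not in the allowlist passed as $1.
unexpected_klds() {
    allowed=$1
    kld_names | while read -r name; do
        case " $allowed " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# $1 = securelevel, $2 = kldstat text.
# Returns 0 if clean, 1 if unexpected modules are present, 2 if securelevel <= 0.
audit_state() {
    level=$1
    kldstat_text=$2
    extra=$(printf '%s\n' "$kldstat_text" | unexpected_klds "$ALLOWED_KLDS")
    if [ "$level" -le 0 ]; then
        echo "securelevel=$level: KLD loading is still permitted"
        return 2
    fi
    if [ -n "$extra" ]; then
        echo "securelevel=$level but unexpected KLDs loaded: $(echo $extra)"
        return 1
    fi
    echo "securelevel=$level and module list matches the allowlist"
    return 0
}

# On a live FreeBSD host: audit_state "$(sysctl -n kern.securelevel)" "$(kldstat)"
```

A non-zero result at securelevel > 0 means a module outside the allowlist was already in the kernel when the level was raised, which is the situation the reply above describes.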