From owner-freebsd-hackers Mon Jul 12 18:46:22 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134]) by hub.freebsd.org (Postfix) with ESMTP id 894BA1500F for ; Mon, 12 Jul 1999 18:46:16 -0700 (PDT) (envelope-from grog@freebie.lemis.com)
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id LAA09379; Tue, 13 Jul 1999 11:13:44 +0930 (CST)
Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id LAA39272; Tue, 13 Jul 1999 11:13:41 +0930 (CST)
Date: Tue, 13 Jul 1999 11:13:41 +0930
From: Greg Lehey
To: crypt0genic, Mark Newton
Cc: hackers@FreeBSD.ORG, Karl Pielorz
Subject: Compromising a FreeBSD from inside (was: (forw))
Message-ID: <19990713111341.S21403@freebie.lemis.com>
References: <3789D346.5682D28A@tdx.co.uk> <199907121149.VAA22311@gizmo.internode.com.au> <19990712122803.A1832@ecad.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <19990712122803.A1832@ecad.org>; from crypt0genic on Mon, Jul 12, 1999 at 12:28:03PM +0000
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

People, how much attention are you going to get to this topic with a
subject line like "(forw)"?

On Monday, 12 July 1999 at 12:28:03 +0000, crypt0genic wrote:
>
> Have you all seen this?
> To: BUGTRAQ@SECURITYFOCUS.COM
>
> Hi folks,
>
> THC released a new article dealing with FreeBSD 3.x
> Kernel modules that can attack/backdoor the
> system.
> You can find our article on http://thc.pimmel.com or
> http://r3wt.base.org.

For those of us who *hate* incorrect or approximate URLs, try
http://thc.pimmel.com/files/thc/bsdkern.html.

> Greets, pragmatic / The Hacker's Choice

On Monday, 12 July 1999 at 21:19:45 +0930, Mark Newton wrote:
> Karl Pielorz wrote:
>
>> Yes, a nice, effective - and simple way of replacing syscalls on FreeBSD...
>> Some might say a little too 'simple'?
>
> Garbage. You can do this on any OS, whether it supports loadable
> modules or not, if you've managed to win sufficient privileges through
> some other means. FreeBSD (and other OSs with loadable module support)
> merely provides a well-defined API which, like almost every other
> well-defined API, can be abused by those who harbor ill-will.
>
> Making the interface "complicated" does absolutely nothing to stop
> script-kiddies: Once a complicated interface is in an exploit script,
> who cares how arcane it is?

In fact, the most interesting thing about this (rather large) document
is that it's the best documentation I've seen on klds. I don't know why
anybody would want to use it for compromising security, since it's a
*lot* of work, and to even get as far as installing it you have to be
root already, so you would have plenty of easier alternatives.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
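The thread's point is that a syscall-replacing kld needs root to install; the defender's counterpart is to notice an unexpected module and to have kern.securelevel refuse loads in the first place. The sh script below is an added example, not code from the thread or from THC's article: it checks kldstat(8)-style output against an allowlist and checks a securelevel value, using constructed sample output (the module name "backdoor.ko" is a stand-in).

```shell
#!/bin/sh
# Added example (not from the original thread). Compares kldstat(8) output
# against an allowlist of expected modules and checks kern.securelevel.
# The kldstat text below is constructed sample data so the script runs
# offline; on a live host pipe real output: kldstat | check_klds

# Constructed sample of `kldstat` output; "backdoor.ko" is a stand-in name.
SAMPLE_KLDSTAT='Id Refs Address    Size     Name
 1    4 0xc0100000 1c2f30   kernel
 2    1 0xc1000000 3000     linux.ko
 3    1 0xc1010000 2000     backdoor.ko'

# Module names this host is expected to have loaded (assumed allowlist).
ALLOWED='kernel linux.ko'

# Reads kldstat-format lines on stdin and prints any module name that is
# not in $ALLOWED. Returns 0 when nothing unexpected is loaded, 1 otherwise.
check_klds() {
    unexpected=0
    while read -r id refs addr size name; do
        [ "$id" = "Id" ] && continue      # skip the header line
        [ -z "$name" ] && continue        # skip blank lines
        found=0
        for a in $ALLOWED; do
            [ "$a" = "$name" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            echo "unexpected kernel module: $name (id $id)"
            unexpected=1
        fi
    done
    return $unexpected
}

# At kern.securelevel >= 1 the kernel refuses to load or unload modules.
# Takes the sysctl value as $1 so it can be tested offline; on a host use:
#   securelevel_ok "$(sysctl -n kern.securelevel)"
securelevel_ok() {
    [ "$1" -ge 1 ]
}

main() {
    printf '%s\n' "$SAMPLE_KLDSTAT" | check_klds    # reports backdoor.ko
    securelevel_ok 1 && echo "securelevel 1: module loading is refused"
}

main
```

A module that has already replaced syscalls can also lie to kldstat, so treat this as a sanity check rather than proof of a clean kernel.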