From owner-freebsd-security Sat Oct 6 7:47: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id A608E37B405 for ; Sat, 6 Oct 2001 07:46:53 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id A45E92D0506; Sat, 6 Oct 2001 09:46:52 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id f96Ekoo19680; Sat, 6 Oct 2001 09:46:50 -0500 (CDT) (envelope-from hawkeyd) Date: Sat, 6 Oct 2001 09:46:50 -0500 From: D J Hawkey Jr To: cjclark@alum.mit.edu Cc: Alexander Langer , deepak@ai.net, freebsd-security@FreeBSD.ORG Subject: Re: Kernel-loadable Root Kits Message-ID: <20011006094650.A19631@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <200109081052.f88AqRG30016@sheol.localdomain> <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20011004023034.U8391@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011004023034.U8391@blossom.cjclark.org>; from cristjc@earthlink.net on Thu, Oct 04, 2001 at 02:30:34AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Christ, On Oct 04, at 02:30 AM, Crist J. Clark wrote: > > [SNIP] > > I went in and made a very simple kernel-build option which disables > the use of kldload(2) (and kldunload(2)) at all times. This is not as > good as raising securelevel(8) since root can still write to > /dev/mem. However, a lot of people in this thread still seem to want > this ability. Since you can still write to /dev/mem, it is only raises > the bar a bit for an attacker. But it does raise the bar enough to > possibly foil a skr1pt k1ddi3 or two. Hey, thanks. I for one appreciate this hack. One Q though: Is there a config flag to link the screen-saver to the kernel? I can't seem to find it. > To use the patches, > > [SNIP] Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message