Date: Tue, 2 Jul 1996 05:49:46 -0500 From: Alex Nash <alex@orion.fa.tdktca.com> To: zbs@softec.softec.sk Cc: freebsd-security@freebsd.org Subject: Re: securelevel and modload Message-ID: <199607021049.FAA17709@orion.fa.tdktca.com>
next in thread | raw e-mail | index | archive | help
> I think the FreeBSD kernel securelevel functionality together with > the schg and sappnd flags are a very good idea to make systems > more secure. I like the idea of unchangable securelevel, > unchangable flags etc. But I don't know whether this > all securelevel stuff can be eliminated by a > loadable kernel module, which, say, changes the value of > the variable securelevel. > > So what's the situation? > > Anyway, from a security point of view I would like to completely > disable loadable kernel modules. Is there a way to do it? You cannot load or unload LKMs at securelevels greater than 0. This is the case with -current as of Nov 29th 1995, and -stable as of May 31st 1996. Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607021049.FAA17709>