Date: Sat, 8 Sep 2001 20:39:35 +0200
From: Alexander Langer
To: D J Hawkey Jr
Cc: deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits

Thus spake D J Hawkey Jr (hawkeyd@visi.com):

> Ah. Well then, as I wrote to Kris, the kernel has to deny KLD loading
> altogether, it should be a build-time option, and it should have nothing
> to over-ride this.
> Or am I still being too simplistic? I haven't been using KLD- or LKM-

You'd have to remove the whole kld code then, including all linker_file
stuff.

And, given that, you can still use /dev/mem to manipulate the kernel.

Alex