From owner-freebsd-security Sat Sep 8 15:19:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id DBFDF37B407 for ; Sat, 8 Sep 2001 15:19:41 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id 064212D048D; Sat, 8 Sep 2001 17:19:41 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id f88MJe479589; Sat, 8 Sep 2001 17:19:40 -0500 (CDT) (envelope-from hawkeyd) Date: Sat, 8 Sep 2001 17:19:40 -0500 From: D J Hawkey Jr To: Alexander Langer Cc: deepak@ai.net, freebsd-security@FreeBSD.ORG Subject: Re: Kernel-loadable Root Kits Message-ID: <20010908171940.B79354@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <200109081052.f88AqRG30016@sheol.localdomain> <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20010908203935.B54535@fump.kawo2.rwth-aachen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010908203935.B54535@fump.kawo2.rwth-aachen.de>; from alex@big.endian.de on Sat, Sep 08, 2001 at 08:39:35PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sep 08, at 08:39 PM, Alexander Langer wrote: > > Thus spake D J Hawkey Jr (hawkeyd@visi.com): > > > Ah. Well then, as I wrote to Kris, the kernel has to deny KLD loading > > altogether, it should be a build-time option, and it should have nothing > > to over-ride this. > > Or am I still being too simplistic? I haven't been using KLD- or LKM- > > You'd have to remove the whole kld code then, including all > linker_file stuff. I have no idea as to the complexities of the task. I'll take your word for it. > And, given that, you can still use /dev/mem to manipulate the kernel. Perhaps it's too off-topic for this list, but I have no clue how one would; I don't know squat about /dev/mem. > Alex Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message