Date: Sat, 8 Sep 2001 15:37:00 -0700 From: Kris Kennaway <kris@obsecurity.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: Alexander Langer <alex@big.endian.de>, deepak@ai.net, freebsd-security@FreeBSD.ORG Subject: Re: Kernel-loadable Root Kits Message-ID: <20010908153700.B72780@xor.obsecurity.org> In-Reply-To: <20010908102816.B77764@sheol.localdomain>; from hawkeyd@visi.com on Sat, Sep 08, 2001 at 10:28:16AM -0500 References: <GPEOJKGHAMKFIOMAGMDIGEHGFHAA.deepak_ai.net@ns.sol.net> <200109081052.f88AqRG30016@sheol.localdomain> <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
--eJnRUKwClWJh1Khz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, Sep 08, 2001 at 10:28:16AM -0500, D J Hawkey Jr wrote: > Q: Can the kernel be "forced" to load a module from within itself? That > is, does a cracker need to be in userland? If you're at securelevel 1 or higher, you shouldn't be able to cause untrusted code to be loaded by the kernel by "legal" means, only by "illegal" means such as exploiting kernel buffer overflows and other bugs which may exist. Kris --eJnRUKwClWJh1Khz Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mp2LWry0BWjoQKURAonAAJ0XaUYb1qqfsHPioAE5jSG7htK5pwCfTRAD 45qWXe1+IdkXjTnB/Bn6rY0= =wQ9n -----END PGP SIGNATURE----- --eJnRUKwClWJh1Khz-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908153700.B72780>