Date: Sat, 8 Sep 2001 17:40:42 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Deepak Jain <deepak@ai.net> Cc: Kris Kennaway <kris@obsecurity.org>, D J Hawkey Jr <hawkeyd@visi.com>, Alexander Langer <alex@big.endian.de>, freebsd-security@FreeBSD.ORG Subject: Re: Kernel-loadable Root Kits Message-ID: <20010908174042.A88337@xor.obsecurity.org> In-Reply-To: <GPEOJKGHAMKFIOMAGMDIIEIPFHAA.deepak@ai.net>; from deepak@ai.net on Sat, Sep 08, 2001 at 08:41:53PM -0400 References: <20010908153700.B72780@xor.obsecurity.org> <GPEOJKGHAMKFIOMAGMDIIEIPFHAA.deepak@ai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 08:41:53PM -0400, Deepak Jain wrote: >=20 > Presumably, a user in userland has root to be loading a kernel module in = the > first place. >=20 > This user could easily edit the rc.conf file to boot up in securelevel=3D= -1 > and reboot the machine -- as well as circumvent most notifications about = the > reboot. >=20 > Hell, if I wanted to compromise a box, screwing the kernel directly is the > way to go. Especially for remotely administered boxes, there is almost no > downside. Yes, you're now getting into the reasons why securelevel isn't a very robust security feature, which has been well-covered on this list in the past. Kris --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mrqKWry0BWjoQKURAvOAAJ0dWZ7iGKyDqvC/+EJuEHpFAJPw4QCguR5m LLAsFLXZDMuDCmX8CEl6jbc= =G/A+ -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908174042.A88337>