Date: Mon, 21 Apr 1997 09:44:29 -0700 (PDT) From: Paul Traina <pst@jnx.com> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/3365: LKMs are a security hole -- need way to disable them Message-ID: <199704211644.JAA15578@red.jnx.com> Resent-Message-ID: <199704211650.JAA29479@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 3365 >Category: kern >Synopsis: LKMs are a security hole -- need way to disable them >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Apr 21 09:50:02 PDT 1997 >Last-Modified: >Originator: Paul Traina >Organization: Juniper Networks >Release: FreeBSD 2.2-STABLE i386 >Environment: Any FreeBSD machine where you'd like to stop someone who gains root from mucking with your kernel. >Description: It's too easy for someone to gain root and add optional functionality to your kernel (such as the snp pseudo-device, or perhaps BPF support...albiet BPF is a bit harder). >How-To-Repeat: >Fix: I'd like to request two changes: (a) if securitylevel > N then LKM loading is disabled in the kernel (N = the same level that disables changing of the schg flag) (b) a kernel option to disable LKM loading Both of these are good 2.2-stable cannidates. >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704211644.JAA15578>