From owner-freebsd-bugs Mon Apr 21 09:50:06 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA29485 for bugs-outgoing; Mon, 21 Apr 1997 09:50:06 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA29479; Mon, 21 Apr 1997 09:50:04 -0700 (PDT)
Resent-Date: Mon, 21 Apr 1997 09:50:04 -0700 (PDT)
Resent-Message-Id: <199704211650.JAA29479@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, pst@jnx.com
Received: from red.jnx.com (red.jnx.com [208.197.169.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA29249 for ; Mon, 21 Apr 1997 09:45:05 -0700 (PDT)
Received: (from pst@localhost) by red.jnx.com (8.8.5/8.8.5) id JAA15578; Mon, 21 Apr 1997 09:44:29 -0700 (PDT)
Message-Id: <199704211644.JAA15578@red.jnx.com>
Date: Mon, 21 Apr 1997 09:44:29 -0700 (PDT)
From: Paul Traina
Reply-To: pst@jnx.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/3365: LKMs are a security hole -- need way to disable them
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 3365
>Category: kern
>Synopsis: LKMs are a security hole -- need way to disable them
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 21 09:50:02 PDT 1997
>Last-Modified:
>Originator: Paul Traina
>Organization: Juniper Networks
>Release: FreeBSD 2.2-STABLE i386
>Environment:

Any FreeBSD machine where you'd like to stop someone who gains root from mucking with your kernel.

>Description:

It's too easy for someone to gain root and add optional functionality to your kernel (such as the snp pseudo-device, or perhaps BPF support...albeit BPF is a bit harder).

>How-To-Repeat:
>Fix:

I'd like to request two changes:

(a) if securitylevel > N then LKM loading is disabled in the kernel (N = the same level that disables changing of the schg flag)
(b) a kernel option to disable LKM loading

Both of these are good 2.2-stable candidates.

>Audit-Trail:
>Unformatted: