From owner-freebsd-current  Thu Mar 21  4:18:58 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mailhub.fokus.gmd.de (mailhub.fokus.gmd.de [193.174.154.14])
	by hub.freebsd.org (Postfix) with ESMTP
	id D51DB37B427; Thu, 21 Mar 2002 04:18:34 -0800 (PST)
Received: from beagle (beagle [193.175.132.100])
	by mailhub.fokus.gmd.de (8.11.6/8.11.6) with ESMTP id g2LCIVb13699;
	Thu, 21 Mar 2002 13:18:32 +0100 (MET)
Date: Thu, 21 Mar 2002 13:18:31 +0100 (CET)
From: Harti Brandt <brandt@fokus.gmd.de>
To: current@freebsd.org, <arr@freebsd.org>, <rwatson@freebsd.org>
Subject: Rev. 1.82 of kern_linker.c disables module loads...
Message-ID: <20020321131551.T18713-100000@beagle.fokus.gmd.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


Hello,

This revision of kern_linker.c entirly disables module loads from /etc/rc
during boot:

revision 1.82
date: 2002/03/20 16:03:42;  author: arr;  state: Exp;  lines: +10 -6
- Change a check of securelevel to securelevel_gt() call in order to help
  against users within a jail attempting to load kernel modules.
- Add a check of securelevel_gt() to vfs_mount() in order to chop some
  low hanging fruit for the repair of securelevel checking of linking and
  unlinking files from within jails.  There is more to be done here.

Reviewed by: rwatson

Regards,
harti
-- 
harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private
              brandt@fokus.fhg.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message