Message-ID: <19980521111653.A9283@homer.louisville.edu>
Date: Thu, 21 May 1998 11:16:53 -0400
From: Keith Stevenson
To: freebsd-security@FreeBSD.ORG
Subject: LKMs (Was: Virus on FreeBSD)
References: <199805210018.RAA04596@passer.osg.gov.bc.ca> <199805210149.LAA25157@frenzy.ct> <199805211431.KAA17444@brain.zeus.leitch.com>
In-Reply-To: <199805211431.KAA17444@brain.zeus.leitch.com>; from Greg A. Woods on Thu, May 21, 1998 at 10:31:08AM -0400

Ok, I'll buy off on the idea that LKMs can be bad from a security standpoint.
How does one go about removing that functionality from the system?

Thanks,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0

On Thu, May 21, 1998 at 10:31:08AM -0400, Greg A. Woods wrote:
>
> A "published" LKM that can do the most nasty things was in the Phrack
> newsletter issue #51.
>
> Anyone who's read that article and has even the tiniest amount of
> imagination would *NEVER* run LKMs on a production machine. Sure
> they're a great tool for doing OS development and experimentation at the
> lowest levels, but they're more dangerous in a production environment
> than not even having a root password in the first place (at least with
> the latter you *know* your security is blown).
>