From owner-freebsd-security  Fri Mar 24  4:36:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.139.170])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1B23337B5D2; Fri, 24 Mar 2000 04:36:22 -0800 (PST)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (hak.nat.Awfulhak.org [172.31.0.12])
	by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id MAA38934;
	Fri, 24 Mar 2000 12:36:17 GMT
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id MAA02043;
	Fri, 24 Mar 2000 12:36:12 GMT
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200003241236.MAA02043@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Kris Kennaway <kris@freebsd.org>
Cc: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>,
	security@freebsd.org, brian@hak.lan.Awfulhak.org
Subject: Re: New article 
In-Reply-To: Message from Kris Kennaway <kris@freebsd.org> 
   of "Thu, 23 Mar 2000 17:41:05 PST." <Pine.BSF.4.21.0003231738450.51855-100000@freefall.freebsd.org> 
Date: Fri, 24 Mar 2000 12:36:12 +0000
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> On Fri, 24 Mar 2000, Olaf Hoyer wrote:
> 
> > Question: Is a loadable kernel module not a potential security risk?
> 
> Only if your machine is insecurely configured.
> 
> > Imagine some attacker exchanging some kernel module against own code, and
> > causing that module to be loaded (say, some driver for access to certain
> > filesystems, or zip drive etc...), or waiting for the module to be loaded
> > (say, for regular, scheduled activities like backups or batch jobs or so)
> 
> This is why one of the first steps in securing that box should be to give
> the modules the noschg flag. Hmm, probably this should be done by
> default, like we noschg the kernel at install-time.

The same should be done to the directory itself.  Ditto for /bin, 
/usr/bin, /sbin, /usr/sbin etc - in fact, anything that's in roots 
path.

And what about /etc/{*passwd,*pwd.db} ?  Methinks this is a large 
can of worms !

> Kris
> 
> ----
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message