From: woods@zeus.leitch.com (Greg A. Woods)
To: Philippe Regnauld
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
Date: Thu, 21 May 1998 15:01:23 -0400 (EDT)
Message-Id: <199805211901.PAA23176@brain.zeus.leitch.com>
Organization: Planix, Inc.; Toronto, Ontario; Canada

[ On Thu, May 21, 1998 at 18:15:55 (+0200), Philippe Regnauld wrote: ]
> Subject: Re: Virus on FreeBSD
>
> Greg A. Woods writes:
>
> > Anyone who's read that article and has even the tiniest amount of
> > imagination would *NEVER* run LKMs on a production machine.  Sure
>
>     BTW, is there a mechanism to disable loading of LKMs ?
>     (of course, removing the modload command is one way) -- I was
>     thinking about something that looked at the securelevel
>     and refused to load/unload a module depending on it.

Not difficult at all, thankfully.  Just define NO_LKM in your kernel
configuration (from the /sys/i386/conf/LINT kernel config example):

    # If you want to disable loadable kernel modules (LKM), you
    # might want to use this option.
    options         NO_LKM

I've not done a code walkthrough to ensure this is 100%, but it's a good
start and at least prevents modload from being useful.

-- 
Greg A. Woods

+1 416 443-1734      VE3TCP
Planix, Inc. ; Secrets of the Weird