Message-ID: <38DB2B63.82552C96@newsguy.com>
Date: Fri, 24 Mar 2000 17:46:27 +0900
From: "Daniel C. Sobral"
To: Olaf Hoyer
Cc: advocacy@FreeBSD.ORG
Subject: Re: New article

Olaf Hoyer wrote:
>
> Question: Is a loadable kernel module not a potential security risk?

Not really.

> I mean, if some module (which runs on a deeper, privileged mode) has some
> malicious code in it, or simply is buggy, and is loaded during runtime, it
> could cause a box to simply crash.

What's the difference between a buggy module loaded at runtime, and one
compiled in the kernel? As for malicious code... what are you doing
loading such a module??? :-)

> Imagine some attacker exchanging some kernel module against own code, and
> causing that module to be loaded (say, some driver for access to certain
> filesystems, or zip drive etc...), or waiting for the module to be loaded
> (say, for regular, scheduled activities like backups or batch jobs or so)

So??? If the hacker compromised root, he can just replace the whole
kernel if he wants.

*IF ROOT WAS COMPROMISED, THE GAME IS OVER ALREADY*.

Really. No, I mean it.

There is no such thing as "making things easier" once root was
compromised. You lost, and any attempt to "make things difficult" is an
exercise in self-delusion.

> Wouldn't it be safer, from a technical point of view, to allow as few
> kernel modules as possible, thus enhancing stability and uptime?

Nope.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@zurichgnomes.bsdconspiracy.net

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone bind them.