Date: 30 May 1999 17:11:04 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: "Jan B. Koum " <jkb@best.com> Cc: William Woods <wwoods@cybcon.com>, Justin Wolf <jjwolf@bleeding.com>, FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: System beeing cracked! Message-ID: <xzpg14ebnjr.fsf@localhost.ping.uio.no> In-Reply-To: "Jan B. Koum "'s message of "Sat, 29 May 1999 17:03:25 -0700" References: <006201bea999$ee5e4b00$06c3fe90@cisco.com> <000001beaa1c$3b44bf80$264b93cd@william> <19990529170325.A28298@best.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jan B. Koum " <jkb@best.com> writes: > On the other hand, if someone cracks root and you have LKM (or KLD) enabled, > a skilled attacker can just insert a bpf module into a running system I > would guess. There is a paper on how to abuse LKM under linux at: No, The network drivers don't pass packets to bpf_tap() unless NBPFILTER was defined and non-zero at compile time. Even if you could load a bpf module, it wouldn't receive any data. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpg14ebnjr.fsf>