Date: Wed, 10 Oct 2001 11:43:27 +0200 (CEST)
From: Alexander Leidinger <Alexander@Leidinger.net>
To: cjclark@alum.mit.edu
Cc: Alexander Langer <alex@big.endian.de>, deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
Message-ID: <200110100943.f9A9hSK00843@Magelan.Leidinger.net>
In-Reply-To: <20011004023034.U8391@blossom.cjclark.org>
> I went in and made a very simple kernel-build option which disables
> the use of kldload(2) (and kldunload(2)) at all times. This is not as
> good as raising securelevel(8) since root can still write to
> /dev/mem. However, a lot of people in this thread still seem to want
> this ability. Since you can still write to /dev/mem, it only raises
> the bar a bit for an attacker. But it does raise the bar enough to
> possibly foil a skr1pt k1ddi3 or two.
If my memory serves me right there was an effort on -audit in the last
months to remove the need for /dev/mem. If this work is finished, the
NO_KLD patch would be more useful. If you commit this, you wouldn't only
raise the bar a bit for an attacker, it would also harden the system
when /dev/mem isn't needed anymore (maybe before 5.0-RELEASE, maybe
not).
Bye,
Alexander.
--
...and that is how we know the Earth to be banana-shaped.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
