Date: Wed, 10 Oct 2001 11:43:27 +0200 (CEST)
From: Alexander Leidinger <Alexander@Leidinger.net>
To: cjclark@alum.mit.edu
Cc: Alexander Langer <alex@big.endian.de>, deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
Message-ID: <200110100943.f9A9hSK00843@Magelan.Leidinger.net>
In-Reply-To: <20011004023034.U8391@blossom.cjclark.org>

> I went in and made a very simple kernel-build option which disables
> the use of kldload(2) (and kldunload(2)) at all times. This is not as
> good as raising securelevel(8) since root can still write to
> /dev/mem. However, a lot of people in this thread still seem to want
> this ability. Since you can still write to /dev/mem, it only raises
> the bar a bit for an attacker. But it does raise the bar enough to
> possibly foil a skr1pt k1ddi3 or two.

If my memory serves me right, there was an effort on -audit in the last
months to remove the need for /dev/mem. If this work is finished, the
NO_KLD patch would be more useful.

If you commit this, you wouldn't only raise the bar a bit for an attacker;
it would also harden the system when /dev/mem isn't needed anymore (maybe
before 5.0-RELEASE, maybe not).

Bye,
Alexander.

-- 
...and that is how we know the Earth to be banana-shaped.

http://www.Leidinger.net          Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7