From owner-freebsd-arch Sun Jul 9 16:54:10 2000 Delivered-To: freebsd-arch@freebsd.org Received: from mail-relay.eunet.no (mail-relay.eunet.no [193.71.71.242]) by hub.freebsd.org (Postfix) with ESMTP id 0409637B631 for ; Sun, 9 Jul 2000 16:54:08 -0700 (PDT) (envelope-from mbendiks@eunet.no) Received: from login-1.eunet.no (login-1.eunet.no [193.75.110.2]) by mail-relay.eunet.no (8.9.3/8.9.3/GN) with ESMTP id BAA87116; Mon, 10 Jul 2000 01:54:07 +0200 (CEST) (envelope-from mbendiks@eunet.no) Received: from localhost (mbendiks@localhost) by login-1.eunet.no (8.9.3/8.8.8) with ESMTP id BAA88632; Mon, 10 Jul 2000 01:54:06 +0200 (CEST) (envelope-from mbendiks@eunet.no) X-Authentication-Warning: login-1.eunet.no: mbendiks owned process doing -bs Date: Mon, 10 Jul 2000 01:54:06 +0200 (CEST) From: Marius Bendiksen To: Adam Cc: Alfred Perlstein , arch@FreeBSD.ORG Subject: Re: making the snoop device loadable. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Why did it exist from FreeBSD-WhoKnowsWhen until 1999? I'd like to use X As I recall, this had something to do with shrinking the kernel for PicoBSD, amongst other things. > why NO_LKM is bad but couldn't find anything. Could you help me find a > discussion on it or tell me why disabling kernel modules is *not* > security? Assuming I'd notice a reboot and would consequently whup some > butt if someone did. Thing is; disabling kernel modules will avail you little, as an illegitimate user can still use the memory devices to access physical memory, and thus binary patch a live kernel. This is hard, but it can, and has been done. Eivind mentioned one particular case with a person who binary-patched the kernel of an old Unix to bypass the 14 character file name length limitation without severing the uptime. Marius To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message