Date: Thu, 04 Oct 2001 10:35:34 -0700
From: Eli Dart <dart@nersc.gov>
To: freebsd-security@freebsd.org
Subject: Re: Kernel-loadable Root Kits
Message-ID: <20011004173535.0A2DE3B19D@gemini.nersc.gov>
In-Reply-To: Your message of Thu, 04 Oct 2001 02:30:34 PDT. <20011004023034.U8391@blossom.cjclark.org>
--==_Exmh_-1030261826P Content-Type: text/plain; charset=us-ascii In reply to "Crist J. Clark" <cristjc@earthlink.net> : [snip] > Have fun. Unless there is outpouring from people who love the idea, > I'm not going to commit these to FreeBSD. Please consider this as part of an outpouring of support from people who love the idea. I don't always have the option of running a box in securelevel 1, and I would like to have this knob available, even though it doesn't fix the problem all the way. Something similar used to exist in FreeBSD 3.x -- I was sorry when it went away. --eli > -- > Crist J. Clark cjclark@alum.mit.edu > cjclark@jhu.edu > cjc@freebsd.org > > --h31gzZEtNLTqOjlF > Content-Type: text/plain; charset=us-ascii > Content-Disposition: attachment; filename="sys_stable.patch" > > Index: sys/conf/options > =================================================================== > RCS file: /export/ncvs/src/sys/conf/options,v > retrieving revision 1.191.2.36 > diff -u -r1.191.2.36 options > --- sys/conf/options 2001/09/15 00:50:35 1.191.2.36 > +++ sys/conf/options 2001/10/04 08:21:10 > @@ -464,3 +464,6 @@ > FDC_DEBUG opt_fdc.h > PCFCLOCK_VERBOSE opt_pcfclock.h > PCFCLOCK_MAX_RETRIES opt_pcfclock.h > + > +# Disable loading and unloading of kernel modules > +NO_KLD opt_kern_linker.h > Index: sys/kern/kern_linker.c > =================================================================== > RCS file: /export/ncvs/src/sys/kern/kern_linker.c,v > retrieving revision 1.41.2.2 > diff -u -r1.41.2.2 kern_linker.c > --- sys/kern/kern_linker.c 2000/07/16 13:13:32 1.41.2.2 > +++ sys/kern/kern_linker.c 2001/10/04 08:10:05 > @@ -27,6 +27,7 @@ > */ > > #include "opt_ddb.h" > +#include "opt_kern_linker.h" > > #include <sys/param.h> > #include <sys/kernel.h> > @@ -648,6 +649,10 @@ > int > kldload(struct proc* p, struct kldload_args* uap) > { > +#ifdef NO_KLD > + /* Always return error. */ > + return EPERM; > +#else > char* filename = NULL, *modulename; > linker_file_t lf; > int error = 0; 
> @@ -685,11 +690,16 @@ > if (filename) > free(filename, M_TEMP); > return error; > +#endif > } > > int > kldunload(struct proc* p, struct kldunload_args* uap) > { > +#ifdef NO_KLD > + /* Always fail. */ > + return EPERM; > +#else > linker_file_t lf; > int error = 0; > > @@ -716,6 +726,7 @@ > > out: > return error; > +#endif > } > > int > > --h31gzZEtNLTqOjlF > Content-Type: text/plain; charset=us-ascii > Content-Disposition: attachment; filename="sys_current.patch" > > Index: sys/conf/options > =================================================================== > RCS file: /export/ncvs/src/sys/conf/options,v > retrieving revision 1.295 > diff -u -r1.295 options > --- sys/conf/options 2001/09/29 22:32:00 1.295 > +++ sys/conf/options 2001/10/04 08:07:37 > @@ -526,3 +527,6 @@ > > # ed driver > ED_NO_MIIBUS opt_ed.h > + > +# Disable loading and unloading of kernel modules > +NO_KLD opt_kern_linker.h > Index: sys/i386/conf/NOTES > =================================================================== > RCS file: /export/ncvs/src/sys/i386/conf/NOTES,v > retrieving revision 1.961 > diff -u -r1.961 NOTES > --- sys/i386/conf/NOTES 2001/09/29 22:31:57 1.961 > +++ sys/i386/conf/NOTES 2001/10/04 08:07:51 > @@ -106,6 +106,10 @@ > # > options ROOTDEVNAME=\"ufs:da0s2e\" > > +# This prevents KLDs from being loaded at all. For those who want the > +# added security but cannot run at an elevated securelevel(8). > +#options NO_KLD > + > > ##################################################################### > # SMP OPTIONS: > Index: sys/kern/kern_linker.c > =================================================================== > RCS file: /export/ncvs/src/sys/kern/kern_linker.c,v > retrieving revision 1.69 > diff -u -r1.69 kern_linker.c > --- sys/kern/kern_linker.c 2001/09/12 08:37:44 1.69 > +++ sys/kern/kern_linker.c 2001/10/04 07:47:05 > @@ -27,6 +27,7 @@ > */ > > #include "opt_ddb.h" > +#include "opt_kern_linker.h" > > #include <sys/param.h> > #include <sys/kernel.h> 
> @@ -685,6 +686,10 @@ > int > kldload(struct thread* td, struct kldload_args* uap) > { > +#ifdef NO_KLD > + /* Always fail */ > + return EPERM; > +#else > char *kldname, *modname; > char *pathname = NULL; > linker_file_t lf; > @@ -727,6 +732,7 @@ > free(pathname, M_TEMP); > mtx_unlock(&Giant); > return (error); > +#endif > } > > /* > @@ -735,6 +741,10 @@ > int > kldunload(struct thread* td, struct kldunload_args* uap) > { > +#ifdef NO_KLD > + /* Always fail */ > + return EPERM; > +#else > linker_file_t lf; > int error = 0; > > @@ -764,6 +774,7 @@ > out: > mtx_unlock(&Giant); > return (error); > +#endif > } > > /*
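Review bot: The sys_current.patch hunk for sys/conf/options carries the header @@ -526,3 +527,6 @@, whose new-side start (527) is one line past the old-side start (526) even though no earlier hunk in that file adds a line; this suggests the diff was taken against a tree that already had another local change. Please regenerate it from a clean checkout so the header reads @@ -526,3 +526,6 @@ and the hunk applies without offset.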
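Review bot: The comment added in the sys/i386/conf/NOTES hunk (@@ -106,6 +106,10 @@) overstates the change: "This prevents KLDs from being loaded at all" describes the whole linker, while the kern_linker.c hunks only make the kldload(2) and kldunload(2) syscalls return EPERM and leave every other in-kernel caller of the linker untouched. Suggest wording it the way the options file does, e.g. "# Make kldload(2) and kldunload(2) always fail with EPERM", and mention unloading as well, so a reader does not assume modules cannot enter the kernel by any other path.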
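Review bot: In the sys_current.patch kern_linker.c hunks for kldload (@@ -685,6 +686,10 @@) and kldunload (@@ -735,6 +741,10 @@), the added `return EPERM;` does not follow style(9) while the surrounding code uses parenthesised returns (`return (error);`); write `return (EPERM);` there. The sys_stable.patch hunks, where the existing code uses `return error;`, are consistent as written. The comments also differ between the two patches (`/* Always return error. */`, `/* Always fail. */`, `/* Always fail */`); pick one form and use it in all four places.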