Date: Sat, 8 Mar 2003 00:18:22 +0100 From: Simon Barner <barner@in.tum.de> To: freebsd-questions@freebsd.org Subject: Re: A question about kernel modules Message-ID: <20030307231822.GB1340@zi025.glhnet.mhn.de> In-Reply-To: <200303071807.27524.taxman@acd.net> References: <200303071155.43785.damien@tougas.net> <200303071807.27524.taxman@acd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--DBIVS5p969aUjpLe
Content-Type: text/plain; charset=us-ascii
Content-Description: Digitally signed message
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> So optimal security would be have every=20
> needed component compiled in, and turn off the ability to load any module=
s. =20
> I have no idea if this can be done or how in FreeBSD.
This is what securelevel(8) is about:
[...]
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem, and
/dev/kmem may not be opened for writing; kernel modules (see
kld(4)) may not be loaded or unloaded.
[...]
> http://packetstorm.decepticons.org/papers/unix/bsdkern.htm
Ah, interesting one! Thanks :-)
Simon
--DBIVS5p969aUjpLe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+aSi+Ckn+/eutqCoRAgMGAKDRoGbIn8GfTMX6vZDdls8qmHQzZACgzqm7
qB3jucdNO2ie/Mbkkbj/btU=
=FRRU
-----END PGP SIGNATURE-----
--DBIVS5p969aUjpLe--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030307231822.GB1340>