Date: Wed, 05 Nov 1997 20:01:14 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Chuck Robey <chuckr@Glue.umd.edu> Cc: Matthew Thyer <Matthew.Thyer@dsto.defence.gov.au>, freebsd-current@FreeBSD.ORG Subject: Re: [Fwd: Malicious Linux modules - be worried !] Message-ID: <4473.878788874@time.cdrom.com> In-Reply-To: Your message of "Wed, 05 Nov 1997 19:47:03 EST." <Pine.BSF.3.96.971105193910.3678J-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
> I don't always tend to be the most paranoid person around, so it seems a > lot of trouble, tho, because if someone's got root privs already, this is > just one of many possible things to kill. Why go to this kind of trouble, True, though the whole idea with BSD's secure levels is to make a root compromise far less potentially damaging if you've set up the server in question to be "hardened" against such things. The fact that this doesn't always work 100% in practice is still not a general indictment of the whole concept, however, as it's a pretty good idea to try and make a machine secure enough that physical access is required to seriously compromise it. Perhaps we should add a hook to disable the loading of LKMs entirely if the secure level is above a certain number. Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4473.878788874>