Date: Thu, 21 May 1998 15:01:23 -0400 (EDT) From: woods@zeus.leitch.com (Greg A. Woods) To: Philippe Regnauld <regnauld@deepo.prosa.dk> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Virus on FreeBSD Message-ID: <199805211901.PAA23176@brain.zeus.leitch.com> In-Reply-To: Philippe Regnauld's message of "Thu, May 21, 1998 18:15:55 %2B0200" regarding "Re: Virus on FreeBSD" id <19980521181555.59333@deepo.prosa.dk> References: <199805210018.RAA04596@passer.osg.gov.bc.ca> <199805210149.LAA25157@frenzy.ct> <199805211431.KAA17444@brain.zeus.leitch.com> <19980521181555.59333@deepo.prosa.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
[ On Thu, May 21, 1998 at 18:15:55 (+0200), Philippe Regnauld wrote: ] > Subject: Re: Virus on FreeBSD > > Greg A. Woods writes: > > > Anyone who's read that article and has even the tiniest amount of > > imagination would *NEVER* run LKMs on a production machine. Sure > > BTW, is there a mechanism to disable loading of LKMs ? > (of course, removing the modload command is one way) -- I was > thinking about something that looked at the securelevel > and refused to load/unload a module depending on it. Not difficult at all, thankfully. Just define NO_LKM in your kernel configuration (from the /sys/i386/conf/LINT kernel config example): # If you want to disable loadable kernel modules (LKM), you # might want to use this option. options NO_LKM I've not done a code walkthrough to ensure this is 100%, but it's a good start and at least prevents modload from being useful. -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805211901.PAA23176>