From owner-freebsd-security  Sun May 30  8:11:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 3CC8914D23
	for <freebsd-security@FreeBSD.ORG>; Sun, 30 May 1999 08:11:18 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id RAA14812;
	Sun, 30 May 1999 17:11:08 +0200 (CEST)
	(envelope-from des)
To: "Jan B. Koum " <jkb@best.com>
Cc: William Woods <wwoods@cybcon.com>,
	Justin Wolf <jjwolf@bleeding.com>,
	FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject: Re: System beeing cracked!
References: <006201bea999$ee5e4b00$06c3fe90@cisco.com> <000001beaa1c$3b44bf80$264b93cd@william> <19990529170325.A28298@best.com>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 30 May 1999 17:11:04 +0200
In-Reply-To: "Jan B. Koum "'s message of "Sat, 29 May 1999 17:03:25 -0700"
Message-ID: <xzpg14ebnjr.fsf@localhost.ping.uio.no>
Lines: 12
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jan B. Koum " <jkb@best.com> writes:
> On the other hand, if someone cracks root and you have LKM (or KLD) enabled,
> a skilled attacker can just insert a bpf module into a running system I
> would guess. There is a paper on how to abuse LKM under linux at:

No, The network drivers don't pass packets to bpf_tap() unless
NBPFILTER was defined and non-zero at compile time. Even if you could
load a bpf module, it wouldn't receive any data.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message