Date: Thu, 23 Mar 2000 17:45:21 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> Cc: advocacy@FreeBSD.ORG Subject: Re: New article Message-ID: <20000323174521.A25459@orion.ac.hmc.edu> In-Reply-To: <4.1.20000324022914.00cbed30@mail.rz.fh-wilhelmshaven.de>; from ohoyer@fbwi.fh-wilhelmshaven.de on Fri, Mar 24, 2000 at 02:33:30AM %2B0100 References: <200003231326.IAA24776@blackhelicopters.org> <38DA7A60.B7C23121@newsguy.com> <38DA950C.D4DCE9CC@softweyr.com> <38DAB25B.E2BBC400@newsguy.com> <4.1.20000324022914.00cbed30@mail.rz.fh-wilhelmshaven.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 24, 2000 at 02:33:30AM +0100, Olaf Hoyer wrote: > Question: Is a loadable kernel module not a potential security risk? > > I mean, if some module (which runs on a deeper, priviliged mode) has some > malicous code in it, or simply is buggy, and is loaded during runtime, it > could cause a box to simply crash. > > Imagine some attacker exchanging some kernel module against own code, and > causing that module to be loaded (say, some driver for access to certain > filesystems, or zip drive etc...), or waiting for the module to be loaded > (say, for regular, scheduled activities like backups or batch jobs or so) > > Wouldn't it be safer, from a technical point of view, to allow as less > than possible kernel modules, thus enhancing stability and uptime? The short answer is yes. The longer answer is not if you do things right. First, the kernel controls the ability to load modules once it is running so you can tell it to not allow the loading of any more modules. I think you can currently compile this in or set the securelevel sufficiently high to get this behavior today. Second, the plan is the allow you to create a kernel image which contains all the modules you need in a single bundle. This gives you a static configuration even in a modular system. There's quite a bit of work to be done to get there, but that's my understanding of the final goal. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000323174521.A25459>