Date:      Thu, 11 Mar 1999 16:25:22 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        newton@camtech.com.au (Mark Newton)
Cc:        ark@eltex.ru, freebsd-security@Freebsd.org
Subject:   Re: FreeBSD SKIP port updated
Message-ID:  <199903120025.QAA99732@bubba.whistle.com>
In-Reply-To: <199903120019.KAA05025@frenzy.ct> from Mark Newton at "Mar 12, 99 10:49:07 am"

Mark Newton writes:
>  > I thought the disabling of KLD's only blocked the kldload() process.
>  > Guess not.
> 
> From a brief look at the source, you might be right.
> 
> This is bad.  I'd think disabling KLDs should totally disable the
> in-kernel linker.  Otherwise someone could get new modules into your
> kernel by adding 'em to loader.rc and forcing a reboot.

The counter argument to that is that if someone can modify this
file or reboot your computer they already are root and can pretty
much do anything anyway, regardless of the securelevel setting.

I'm sure there are counter-counter arguments to this though :-)

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903120025.QAA99732>