Date: Thu, 6 Nov 1997 02:21:25 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: Matthew.Thyer@dsto.defence.gov.au (Matthew Thyer) Cc: freebsd-current@FreeBSD.ORG Subject: Re: [Fwd: Malicious Linux modules - be worried !] Message-ID: <199711060221.TAA13397@usr03.primenet.com> In-Reply-To: <34611335.8601A3B@dsto.defence.gov.au> from "Matthew Thyer" at Nov 6, 97 11:15:41 am
next in thread | previous in thread | raw e-mail | index | archive | help
> I assume FreeBSD LKMs could do this kind of thing too. Yesi, unlesss you run at secure level 2, which does not allow module loading. You can also do this on older SVR3/4 systems with device driver loading and no system call or other module type loading. There is nothing that prevents patching the system call table from any loadable module. In fact, techinically, you can write /dev/kmem to get this same functionality, even if you have no module loader mechanism at all, so your implied feeling of security from not having one is false. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711060221.TAA13397>