Date: Fri, 12 Mar 1999 10:49:07 +1030 (CDT)
From: Mark Newton <newton@camtech.com.au>
To: archie@whistle.com (Archie Cobbs)
Cc: newton@camtech.com.au, ark@eltex.ru, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD SKIP port updated
Message-ID: <199903120019.KAA05025@frenzy.ct>
In-Reply-To: <199903120015.QAA99619@bubba.whistle.com> from Archie Cobbs at "Mar 11, 99 04:15:04 pm"
Archie Cobbs wrote:
> Mark Newton writes:
> > > > I am curious if someone tried to update it to compile in-kernel.
> > > > I don't use LKMs, I have them disabled for security reasons (no flames
> > > > please)
> > >
> > > Well, there's no reason you couldn't load it at boot time.
> > > I.e., add it to boot.conf (or loader.conf or whatever it's called).
> >
> > If you have KLDs disabled that shouldn't work (and it represents a
> > pretty major security issue if it does!)
>
> I thought the disabling of KLDs only blocked the kldload() process.
> Guess not.
From a brief look at the source, you might be right.
This is bad. I'd think disabling KLDs should totally disable the
in-kernel linker. Otherwise someone could get new modules into your
kernel by adding 'em to loader.rc and forcing a reboot.
- mark
---
Mark Newton                            Email: newton@camtech.com.au
Systems Engineer and Senior Trainer    Phone: +61-8-8303-3300
Camtech (SA), a member of the          Fax:   +61-8-8303-4403
CAMTECH group of companies             WWW:   http://www.camtech.com.au
