Date:      Fri, 30 Jul 1999 13:37:17 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        "Brian F. Feldman" <green@FreeBSD.ORG>
Cc:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, hackers@FreeBSD.ORG
Subject:   Re: So, back on the topic of enabling bpf in GENERIC... 
Message-ID:  <199907302037.NAA94153@apollo.backplane.com>
References:   <Pine.BSF.4.10.9907301619280.6951-100000@janus.syracuse.net>

:     But even if you turn off the bpf device, you still have /dev/mem and
:     /dev/kmem to worry about.  For that matter, the intruder can still write
:     raw devices.  Also, there is another kernel feature called kldload(8).

    BTW, I wrote this section because a hacker actually installed the bpf 
    device via the module loader during one of the root compromises at BEST,
    a year or two ago.  He had gotten it from a hacker's cookbook of exploits
    which he conveniently left on-disk long enough for our daily backups to
    catch it :-).

						-Matt


