Date: Mon, 12 Jul 1999 19:45:57 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: robert+freebsd@cyrus.watson.org Cc: security@freebsd.org Subject: Re: Module magic Message-ID: <199907120945.TAA09669@cheops.anu.edu.au> In-Reply-To: <Pine.BSF.3.96.990712053316.9028A-100000@fledge.watson.org> from "Robert Watson" at Jul 12, 99 05:38:37 am
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Robert Watson, sie said: > > Have to be a little careful with structs such as struct proc that have > zero-able and copy-able sections at fork(). As using securelevels to > disable module loading is currently not really too feasible for the > mass-market, the best thing to do might just be to provide a sysctl that > turns off module loading, and encourage server users to toggle the sysctl > once all needed modules are loaded to prevent nasty-modules from being > loaded. Needless to say, it would be a one-way toggle. :-) FWIW, I believe NetBSD systems (and OpenBSD systems) ship configured to boot with securelevel == 0, as opposed to FreeBSD which appears to default to -1. FreeBSD should be the same as the others, in this respect. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907120945.TAA09669>