On Sep 08, at 06:15 PM, Peter Pentchev wrote:
>
> On Sat, Sep 08, 2001 at 07:44:45AM -0500, D J Hawkey Jr wrote:
> > On Sep 08, at 02:32 PM, Alexander Langer wrote:
> > >
> > > Thus spake D J Hawkey Jr (hawkeydvisi.com):
> > >
> > > > > This still lets you load own kernel modules.
> > > >
> > > > Not if you blow away the /modules directory (note that I haven't tried
> > > > this).
> > >
> > > /me hands Dave a decent C compiler and some C h0h0magic.
> >
> > I didn't write "build the kernel without it".
> >
> > As I wrote, I hadn't tried it. I take it one cannot remove that tree,
> > even after seeing that the kernel doesn't need it? I'm meaning run-time
> > here, not build-time.
>
> I believe that what Alex meant is that you can simulate kldload(8)'s
> functionality in a little C program of your own. Even more than that,
> kldload(8) itself allows you to specify a full path to a module,
> not just a filename, so even if you blow away the /modules directory,
> J. Random Luser can still 'kldload /var/tmp/rkit.kld'.
>
> Yes, you can remove /modules; no, that does not gain you any safety.

Kris addressed this, too, and yes, you're both right.

Q: Can the kernel be "forced" to load a module from within itself? That
is, does a cracker need to be in userland?

> G'luck,
> Peter

Dave

-- 
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]