[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040619213809.42774BC078@spike.porcupine.org>
Date: Sat, 19 Jun 2004 17:38:09 -0400 (EDT)
From: wietse@...cupine.org (Wietse Venema)
To: Valdis.Kletnieks@...edu
Cc: Manuel Bouyer <bouyer@...ioche.eu.org>,
bugtraq@...urityfocus.com, cert@...t.org, phrackstaff@...ack.org,
staff@...ketstormsecurity.org, security@...eBSD.org
Subject: Re: Unprivilegued settings for FreeBSD kernel variables
Valdis.Kletnieks@...edu:
-- Start of PGP signed section.
> On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:
> > On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > > [...]
> > >
> > > AFFECTED DISTRIBUTIONS:
> > > FreeBSD 5.x i386
> > > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
> >
> > NetBSD is not, a LKM can't be loaded if securelevel is > 0.
>
> Note *very* carefully the fact that the statement "you can't load a LKM" is not
> totally identical to "you can't cause an LKM to be in the kernel".
>
> Hunt down the Phrack article on loading an LKM into a Linux kernel *that
> doesn't even have module support*, and ask yourself if you're quite as sure
> that there is *zero* vulnerability there....
FYI, with BSD securelevel > 0, you can't poke a module into the
kernel via /dev/*mem, so this Linux loading method won't work.
Likewise, write access to mounted devices is forbidden. Without
such restrictions, securelevels would be pretty much meaningless.
For more details, please see "man securelevel" or equivalent.
Wietse
Powered by blists - more mailing lists