| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Jun 2004 17:38:09 -0400 (EDT) From: wietse@...cupine.org (Wietse Venema) To: Valdis.Kletnieks@...edu Cc: Manuel Bouyer <bouyer@...ioche.eu.org>, bugtraq@...urityfocus.com, cert@...t.org, phrackstaff@...ack.org, staff@...ketstormsecurity.org, security@...eBSD.org Subject: Re: Unprivilegued settings for FreeBSD kernel variables Valdis.Kletnieks@...edu: -- Start of PGP signed section. > On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said: > > On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote: > > > [...] > > > > > > AFFECTED DISTRIBUTIONS: > > > FreeBSD 5.x i386 > > > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed) > > > > NetBSD is not, a LKM can't be loaded if securelevel is > 0. > > Note *very* carefully the fact that the statement "you can't load a LKM" is not > totally identical to "you can't cause an LKM to be in the kernel". > > Hunt down the Phrack article on loading an LKM into a Linux kernel *that > doesn't even have module support*, and ask yourself if you're quite as sure > that there is *zero* vulnerability there.... FYI, with BSD securelevel > 0, you can't poke a module into the kernel via /dev/*mem, so this Linux loading method won't work. Likewise, write access to mounted devices is forbidden. Without such restrictions, securelevels would be pretty much meaningless. For more details, please see "man securelevel" or equivalent. Wietse
Powered by blists - more mailing lists