Bugtraq mailing list archives

Re: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)


From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Wed, 8 Feb 1995 16:35:00 -0800


On the subject of disabling kernel module loading on SunOS 4.1.x:
several people asked me what the side effects of this might be. I
researched it, and the answer appears to be that what the user gives
up, so far as supported vendor software, is the ability to run
OpenWindows with the "-nosunview" option.

That is, if you disable loadmodule, or modload, or the loading of
modules, the kernel will not be able to load keyboard and mouse
drivers on the fly that the server usually relies on the sunview
code to supply.

I haven't tried this on SunOS 5.x but my expectation would be that
Solaris 2.3 would act the same as 4.1.x, and later versions would
barf altogether.

-mg-

 From owner-bugtraq () fc net  Tue Feb  7 15:18:16 1995
 Subject: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)
 To: shipley () merde dis org (Pete Shipley)
 Date: Tue, 7 Feb 1995 22:22:31 +0000 (GMT)
 Cc: bugtraq () fc net
 Precedence: bulk
 
 
    This program disables and open and ioctl of /dev/vd thus
    blocking modload and modstat from functioning.  The
    use of this is to disable people (crackers) from installing
    "unwanted" drivers.
 
 As far as SunOS 4.1.X security is concerned, you are probably better off 
 disabling loadable modules altogether by commenting out the
 
 options        VDDRV           # loadable modules
 
 line in the kernel configuration and linking in the loadable
 modules that you want in a permanent fashion, as though they
 were ordinary device-driver object files. Also, once you've done
 this, you can delete (or at least de-suid) /usr/kvm/modload.
 
 I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o, (I don't
 use them, though I would be interested in experiences). However, I
 have done it with a frame-buffer loadable module, and in general it
 should work unless the module has been written such that the act of
 loading/unloading does something that would be traditionally
 associated with first opens or last closes.
 
 --
 Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England
 jeff () dcs warwick ac uk      phone: +44 203 523485   fax: +44 203 525714
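
A check for the two changes described in the quoted message (the `options VDDRV` line commented out of the kernel configuration, and /usr/kvm/modload deleted or de-suid'ed), as an added example that is not part of the original thread. The function names are hypothetical, and both file paths are passed as arguments because the thread does not give the location of the kernel configuration file.

```shell
#!/bin/sh
# Added example, not from the thread: audit a kernel configuration file and
# the modload binary for the hardening described above.

# vddrv_enabled CONFIG
# Succeeds if CONFIG still has an active (uncommented) "options VDDRV" line.
vddrv_enabled() {
    # Drop '#' comments first so a commented-out line never matches, then
    # require VDDRV as a whole option name (VDDRV_X must not match).
    sed 's/#.*//' "$1" |
        grep -E '^[[:space:]]*options[[:space:]]+(.*[,[:space:]])?VDDRV([,[:space:]]|$)' >/dev/null
}

# audit_module_loading CONFIG MODLOAD
# Prints findings; returns 0 if hardened, 1 if findings remain,
# 2 if CONFIG cannot be read.
audit_module_loading() {
    config=$1
    modload=$2
    findings=0

    if [ ! -r "$config" ]; then
        echo "ERROR: cannot read $config"
        return 2
    fi
    if vddrv_enabled "$config"; then
        echo "FINDING: $config still contains an active 'options VDDRV' line"
        findings=$((findings + 1))
    fi
    if [ -e "$modload" ]; then
        if [ -u "$modload" ]; then
            echo "FINDING: $modload is present and setuid"
            findings=$((findings + 1))
        else
            echo "NOTE: $modload is present but not setuid"
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Usage (the config path is an assumption; substitute your own):
#   sh audit.sh /path/to/kernel/config /usr/kvm/modload
if [ "$#" -eq 2 ]; then
    audit_module_loading "$1" "$2"
fi
```

The configuration file only shows what the next kernel build will contain, so the check is meaningful for the running system only after that kernel has been rebuilt and booted.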


