Bugtraq mailing list archives
Re: Unprivilegued settings for FreeBSD kernel variables
From: wietse () porcupine org (Wietse Venema)
Date: Sat, 19 Jun 2004 17:38:09 -0400 (EDT)
Valdis.Kletnieks () vt edu: -- Start of PGP signed section.
On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:[...] AFFECTED DISTRIBUTIONS: FreeBSD 5.x i386 FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)NetBSD is not, a LKM can't be loaded if securelevel is > 0.Note *very* carefully the fact that the statement "you can't load a LKM" is not totally identical to "you can't cause an LKM to be in the kernel". Hunt down the Phrack article on loading an LKM into a Linux kernel *that doesn't even have module support*, and ask yourself if you're quite as sure that there is *zero* vulnerability there....
FYI, with BSD securelevel > 0, you can't poke a module into the kernel via /dev/*mem, so this Linux loading method won't work. Likewise, write access to mounted devices is forbidden. Without such restrictions, securelevels would be pretty much meaningless. For more details, please see "man securelevel" or equivalent. Wietse
Current thread:
- Unprivilegued settings for FreeBSD kernel variables Radko Keves (Jun 15)
- Re: Unprivilegued settings for FreeBSD kernel variables Dag-Erling Smørgrav (Jun 16)
- Re: Unprivilegued settings for FreeBSD kernel variables Eygene A. Ryabinkin (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Jason V. Miller (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Christian Ullrich (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Ivaylo Kostadinov (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Eygene A. Ryabinkin (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Manuel Bouyer (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Valdis . Kletnieks (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Wietse Venema (Jun 22)
- Re: Unprivilegued settings for FreeBSD kernel variables Henning Brauer (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Valdis . Kletnieks (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Jason V. Miller (Jun 21)
- <Possible follow-ups>
- Re: Unprivilegued settings for FreeBSD kernel variables blexim (Jun 20)
- Re: Unprivilegued settings for FreeBSD kernel variables Dag-Erling Smørgrav (Jun 16)