[35434] in bugtraq
Re: Unprivilegued settings for FreeBSD kernel variables
daemon@ATHENA.MIT.EDU (Wietse Venema)
Tue Jun 22 19:10:29 2004
In-Reply-To: <200406182127.i5ILRVxl003930@turing-police.cc.vt.edu>
"from Valdis.Kletnieks@vt.edu at Jun 18, 2004 05:27:31 pm"
To: Valdis.Kletnieks@vt.edu
Date: Sat, 19 Jun 2004 17:38:09 -0400 (EDT)
Cc: Manuel Bouyer <bouyer@antioche.eu.org>, bugtraq@securityfocus.com,
cert@cert.org, phrackstaff@phrack.org, staff@packetstormsecurity.org,
security@FreeBSD.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20040619213809.42774BC078@spike.porcupine.org>
From: wietse@porcupine.org (Wietse Venema)
Valdis.Kletnieks@vt.edu:
-- Start of PGP signed section.
> On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:
> > On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > > [...]
> > >
> > > AFFECTED DISTRIBUTIONS:
> > > FreeBSD 5.x i386
> > > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
> >
> > NetBSD is not, a LKM can't be loaded if securelevel is > 0.
>
> Note *very* carefully the fact that the statement "you can't load a LKM" is not
> totally identical to "you can't cause an LKM to be in the kernel".
>
> Hunt down the Phrack article on loading an LKM into a Linux kernel *that
> doesn't even have module support*, and ask yourself if you're quite as sure
> that there is *zero* vulnerability there....
FYI, with BSD securelevel > 0, you can't poke a module into the
kernel via /dev/*mem, so this Linux loading method won't work.
Likewise, write access to mounted devices is forbidden. Without
such restrictions, securelevels would be pretty much meaningless.
For more details, please see "man securelevel" or equivalent.
Wietse
