[833] in bugtraq
Re: Anti Hijacking tools
daemon@ATHENA.MIT.EDU (jsz)
Sat Jan 28 11:34:07 1995
From: jsz@ramon.bgu.ac.il (jsz)
To: mouse@Collatz.McRCIM.McGill.EDU (der Mouse)
Date: Sat, 28 Jan 1995 17:41:34 +0200 (IST)
Cc: bugtraq@fc.net
In-Reply-To: <199501281532.KAA26428@Collatz.McRCIM.McGill.EDU> from "der Mouse" at Jan 28, 95 10:32:55 am
>
> > AntiHijacking tool? It disables sun4's kernel ability to modload
> > modules on the fly,
>
> Right; this is the whole point.
OK. This won't be a solution for Solaris 2.X, where the whole concept of
modules in the kernel is built upon loading them.
>
> > thus also disables things like ppp, slip, et al.
>
> Only if your ppp/slip requires loading a kernel module at run-time. My
> serial IP code doesn't depend on LKMs at all. Most that do can
> probably be loaded in /etc/rc.local before the door is locked.
>
> > I won't call it a solution.
>
> Well, you're welcome to call it - or not call it - whatever you like.
> I don't call it a solution either, but more because the security can so
> easily be defeated with the help of a reboot.
Can't you reload the kernel itself in kmem? Why reboot?
>
> And of course, if your environment doesn't call for "things like ppp,
> slip, et al", this doesn't matter at all. Nobody _has_ to use either
> of these things; they're just one more option available that some may
> choose to avail themselves of.
OW 3.0 & 3.0_U1 (that's for Solaris 1.1.X) support the sunview facility
by default, and when you disable this facility (for better performance)
by "openwin -sunview" the display server will load a module into the kernel,
called evq (winlock can be loaded as well). In case you disable the kernel's
ability to load modules on the fly, you won't be able to use it as well --
of course you can recommend using motif... but -- another proof.