[933] in bugtraq
Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)
daemon@ATHENA.MIT.EDU (Jeff Smith)
Tue Feb 7 19:28:58 1995
From: Jeff Smith <Jeff.Smith@dcs.warwick.ac.uk>
To: shipley@merde.dis.org (Pete Shipley)
Date: Tue, 7 Feb 1995 22:22:31 +0000 (GMT)
Cc: bugtraq@fc.net
In-Reply-To: <199501280333.TAA22911@merde.dis.org> from "Pete Shipley" at Jan 27, 95 19:33:33 pm
> This program disables and open and ioctl of /dev/vd thus
> blocking modload and modstat from functioning. The
> use of this is to disable people (crackers) from installing
> "unwanted" drivers.

As far as SunOS 4.1.X security is concerned, you are probably better off
disabling loadable modules altogether by commenting out the

    options VDDRV # loadable modules

line in the kernel configuration and linking in the loadable
modules that you want in a permanent fashion, as though they
were ordinary device-driver object files. Also, once you've done
this, you can delete (or at least de-suid) /usr/kvm/modload.

I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o (I don't
use them, though I would be interested in experiences). However, I
have done it with a frame-buffer loadable module, and in general it
should work unless the module has been written such that the act of
loading/unloading does something that would be traditionally
associated with first opens or last closes.
--
Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England
jeff@dcs.warwick.ac.uk phone: +44 203 523485 fax: +44 203 525714
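
A check for the two steps described in the message above, as an added example that is not part of the original post or of SunOS: it reports whether a kernel configuration file still has an active `options VDDRV` line and whether modload is still present and setuid. The function names and the practice of passing the config path as an argument are assumptions; the default modload path is the one given in the message, and the script is written for a POSIX sh.

```shell
#!/bin/sh
# Added example: audit the two hardening steps from the message above.
# Function names are illustrative; paths are supplied by the caller.

# Exit 0 if CONFIG still has an active (uncommented) "options VDDRV" entry.
vddrv_enabled() {
    awk '
        { sub(/#.*/, "") }                  # drop whole-line and trailing comments
        $1 == "options" {
            n = split($0, tok, /[ \t,]+/)   # tolerate comma-separated option lists
            for (i = 1; i <= n; i++) if (tok[i] == "VDDRV") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Report on CONFIG and on the modload binary; return 1 if either check fails.
vddrv_audit() {
    conf=$1; modload=${2:-/usr/kvm/modload}; rc=0
    if vddrv_enabled "$conf"; then
        echo "FAIL: $conf has an active 'options VDDRV' line"; rc=1
    else
        echo "ok:   $conf does not configure VDDRV"
    fi
    if [ ! -e "$modload" ]; then
        echo "ok:   $modload has been removed"
    elif [ -u "$modload" ]; then
        echo "FAIL: $modload is still setuid"; rc=1
    else
        echo "ok:   $modload is present but not setuid"
    fi
    return $rc
}

# Demo on constructed files in a temp dir (not real SunOS configs or binaries).
vddrv_demo() {
    d=$(mktemp -d) || return 1
    printf 'options\tVDDRV\t\t# loadable modules\n'  > "$d/BEFORE"
    printf '#options\tVDDRV\t\t# loadable modules\n' > "$d/AFTER"
    : > "$d/modload"; chmod 4755 "$d/modload"
    vddrv_audit "$d/BEFORE" "$d/modload"; before=$?
    chmod u-s "$d/modload"
    vddrv_audit "$d/AFTER" "$d/modload"; after=$?
    rm -rf "$d"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

case "${1:-}" in demo) vddrv_demo ;; esac
```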