[947] in bugtraq
Re: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)
daemon@ATHENA.MIT.EDU (Mark Graff )
Wed Feb 8 21:50:19 1995
Date: Wed, 8 Feb 1995 16:35:00 -0800
From: Mark.Graff@Eng.Sun.COM ( Mark Graff )
To: bugtraq@fc.net

On the subject of disabling kernel module loading on SunOS 4.1.x:
several people asked me what the side effects of this might be. I
researched it, and the answer appears to be that what the user gives
up, so far as supported vendor software, is the ability to run
OpenWindows with the "-nosunview" option.

That is, if you disable loadmodule, or modload, or the loading of
modules, the kernel will not be able to load keyboard and mouse
drivers on the fly that the server usually relies on the sunview
code to supply.

I haven't tried this on SunOS 5.x but my expectation would be that
Solaris 2.3 would act the same as 4.1.x, and later versions would
barf altogether.

-mg-

From owner-bugtraq@fc.net Tue Feb 7 15:18:16 1995
Subject: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)
To: shipley@merde.dis.org (Pete Shipley)
Date: Tue, 7 Feb 1995 22:22:31 +0000 (GMT)
Cc: bugtraq@fc.net
Precedence: bulk

> This program disables and open and ioctl of /dev/vd thus
> blocking modload and modstat from functioning. The
> use of this is to disable people (crackers) from installing
> "unwanted" drivers.

As far as SunOS 4.1.X security is concerned, you are probably better off
disabling loadable modules altogether by commenting out the

    options VDDRV # loadable modules

line in the kernel configuration and linking in the loadable
modules that you want in a permanent fashion, as though they
were ordinary device-driver object files. Also, once you've done
this, you can delete (or at least de-suid) /usr/kvm/modload.

I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o, (I don't
use them, though I would be interested in experiences). However, I
have done it with a frame-buffer loadable module, and in general it
should work unless the module has been written such that the act of
loading/unloading does something that would be traditionally
associated with first opens or last closes.

--
Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England
jeff@dcs.warwick.ac.uk phone: +44 203 523485 fax: +44 203 525714
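
An added example, not part of either message: a POSIX shell audit for the two steps described above (the "options VDDRV" line commented out of the kernel configuration, and /usr/kvm/modload deleted or de-suid). The function names, the sample file names and the tolerance for comma-separated option lists are assumptions, and the sample data is constructed; on a real host pass the kernel configuration file and /usr/kvm/modload as the two arguments.

```shell
#!/bin/sh
# Added example: audit for the two hardening steps described in the thread.
# CONFIG and MODLOAD paths are arguments; nothing is assumed about the host.

# Exit 0 if CONFIG still has an uncommented "options ... VDDRV" entry.
vddrv_enabled() {
    awk '{ sub(/#.*/, "") }                      # drop trailing comments
         $1 == "options" {
             for (i = 2; i <= NF; i++) {
                 n = split($i, opt, ",")         # tolerate comma-separated lists
                 for (j = 1; j <= n; j++) if (opt[j] == "VDDRV") found = 1
             }
         }
         END { exit !found }' "$1"
}

# Print findings; the return status is the number of findings (0 = hardened).
audit_modload() {
    findings=0
    if vddrv_enabled "$1"; then
        echo "FINDING: $1 still enables VDDRV (loadable modules)"
        findings=$((findings + 1))
    fi
    if [ -u "$2" ]; then
        echo "FINDING: $2 is present and setuid"
        findings=$((findings + 1))
    elif [ -e "$2" ]; then
        echo "NOTE: $2 is present but not setuid"
    fi
    return "$findings"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'options\tVDDRV\t\t# loadable modules\n' > "$demo_dir/STOCK"
printf '#options\tVDDRV\t\t# loadable modules\n' > "$demo_dir/HARDENED"
: > "$demo_dir/modload"; chmod 4755 "$demo_dir/modload"

audit_modload "$demo_dir/STOCK" "$demo_dir/modload" || echo "findings: $?"
audit_modload "$demo_dir/HARDENED" "$demo_dir/absent" && echo "no findings"
```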