Bugtraq mailing list archives
Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)
From: Jeff.Smith () dcs warwick ac uk (Jeff Smith)
Date: Tue, 7 Feb 1995 22:22:31 +0000 (GMT)
This program disables and open and ioctl of /dev/vd thus blocking modload and modstat from from funtioning. The use of this is to disable people (crackers) from installing "unwanted" drivers.
As far as SunOS 4.1.X security is concerned, you are probably better off disabling loadable modules altogether by commenting out the options VDDRV # loadable modules line in the kernel configuration and linking in the loadable modules that you want in a permanent fashion, as though they were ordinary device-driver object files. Also, once you've done this, you can delete (or at least de-suid) /usr/kvm/modload. I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o, (I don't use them, though I would be interested in experiences). However, I have done it with a frame-buffer loadable module, and in general it should work unless the module has been written such that the act of loading/unloading does something that would be traditionally associated with first opens or last closes. -- Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England jeff () dcs warwick ac uk phone: +44 203 523485 fax: +44 203 525714
Current thread:
- Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools) Jeff Smith (Feb 07)
- <Possible follow-ups>
- Re: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools) Mark Graff (Feb 08)
- Re: Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools) Jeff Smith (Feb 09)