Bugtraq mailing list archives

Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)


From: Jeff.Smith () dcs warwick ac uk (Jeff Smith)
Date: Tue, 7 Feb 1995 22:22:31 +0000 (GMT)


    This program disables any open and ioctl of /dev/vd thus
    blocking modload and modstat from functioning.  The
    use of this is to disable people (crackers) from installing
    "unwanted" drivers.

As far as SunOS 4.1.X security is concerned, you are probably better off 
disabling loadable modules altogether by commenting out the

options        VDDRV           # loadable modules

line in the kernel configuration and linking in the loadable
modules that you want in a permanent fashion, as though they
were ordinary device-driver object files. Also, once you've done
this, you can delete (or at least de-suid) /usr/kvm/modload.

I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o, (I don't
use them, though I would be interested in experiences). However, I
have done it with a frame-buffer loadable module, and in general it
should work unless the module has been written such that the act of
loading/unloading does something that would be traditionally
associated with first opens or last closes.

--
Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England
jeff () dcs warwick ac uk       phone: +44 203 523485   fax: +44 203 525714
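
An audit check for the two hardening steps described in the message above, added here as an example and not part of the original post. It assumes a POSIX shell run against copies of the kernel configuration file and of /usr/kvm/modload, and one option per `options` line as shown in the message; the function names and argument paths are hypothetical.

```shell
#!/bin/sh
# Added example: checks whether loadable-module support is still reachable.
# Usage (paths are supplied by the caller, none are assumed):
#   sh audit_vddrv.sh <kernel-config-file> <path-to-modload>

# True if the config still has an uncommented "options VDDRV" line.
# A leading '#' (the commented-out form) or a longer name does not match.
vddrv_enabled() {
    grep -Eq '^[[:space:]]*options[[:space:]]+VDDRV([[:space:]]|#|$)' "$1"
}

# True if the modload binary exists and still carries the setuid bit.
modload_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Prints one line per finding; the return status is the number of findings.
audit_modload() {
    conf=$1
    modload=$2
    findings=0
    if vddrv_enabled "$conf"; then
        echo "FINDING: $conf still enables VDDRV (loadable modules)"
        findings=$((findings + 1))
    fi
    if modload_setuid "$modload"; then
        echo "FINDING: $modload is setuid; delete it or chmod u-s"
        findings=$((findings + 1))
    elif [ -e "$modload" ]; then
        echo "NOTE: $modload is present but not setuid"
    fi
    return "$findings"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_modload "$1" "$2"
fi
```

A status of 0 means neither the VDDRV option nor a setuid modload was found; the check reads the configuration file only, so it says nothing about the kernel that is actually booted.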


