> > > AntiHijacking tool? It disables sun4's kernel ability to modload > > modules on fly, > > Right; this is the whole point. Ok. This won't be a solution for Solaris 2.X, where whole concept of modules in kernel is built upon loading them. > > > thus also disables things like ppp, slip, et al. > > Only if your ppp/slip requires loading a kernel module at run-time. My > serial IP code doesn't depend on LKMs at all. Most that do can > probably be loaded in /etc/rc.local before the door is locked. > > > I won't call it a solution. > > Well, you're welcome to call it - or not call it - whatever you like. > I don't call it a solution either, but more because the security can so > easily be defeated with the help of a reboot. Can't you reload kernel itself in kmem? Why reboot? > > And of course, if your environment doesn't call for "things like ppp, > slip, et al", this doesn't matter at all. Nobody _has_ to use either > of these things; they're just one more option available that some may > choose to avail themselves of. OW 3.0 & 3.0_U1 (that's for Solaris 1.1.X) by default supports sunview facility, and when you disable this facility (for better performance) by "openwin -sunview" the display server will load a module into kernel, called evq, (winlock can be loaded as well). In case you disable kernel's ability to load modules on a fly, you won't be able to use it as well -- Of course you can recommend using motif..but -- another proof.