Disabling SunOS kernel module loading (Was: Re: Anti Hijacking tools)

Jeff Smith (Jeff.Smith@dcs.warwick.ac.uk)
Tue, 7 Feb 1995 22:22:31 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Timothy Newsham: "Re: Request for discussion."
Previous message: Karl Strickland: "Re: Request for discussion."
In reply to: Pete Shipley: "Anti Hijacking tools"
Next in thread: Quentin Fennessy: "Re: Hijacking tool"

>     This program disables and open and ioctl of /dev/vd thus
>     blocking modload and modstat from from funtioning.  The
>     use of this is to disable people (crackers) from installing
>     "unwanted" drivers.

As far as SunOS 4.1.X security is concerned, you are probably better off 
disabling loadable modules altogether by commenting out the

options        VDDRV           # loadable modules

line in the kernel configuration and linking in the loadable
modules that you want in a permanent fashion, as though they
were ordinary device-driver object files. Also, once you've done
this, you can delete (or at least de-suid) /usr/kvm/modload.

I haven't tried this with evqmod-sun4*.o or winlock-sun4*.o, (I don't
use them, though I would be interested in experiences). However, I
have done it with a frame-buffer loadable module, and in general it
should work unless the module has been written such that the act of
loading/unloading does something that would be traditionally
associated with first opens or last closes.

--
Jeff Smith, Computer Science, Warwick University, Coventry, CV4 7AL, England
jeff@dcs.warwick.ac.uk	phone: +44 203 523485	fax: +44 203 525714

Next message: Timothy Newsham: "Re: Request for discussion."
Previous message: Karl Strickland: "Re: Request for discussion."
In reply to: Pete Shipley: "Anti Hijacking tools"
Next in thread: Quentin Fennessy: "Re: Hijacking tool"