:     But even if you turn off the bpf device, you still have /dev/mem and
:     /dev/kmem to worry about.  For that matter, the intruder can still write
:     raw devices.  Also, there is another kernel feature called kldload(8).

    BTW, I wrote this section because a hacker actually installed the bpf 
    device via the module loader during one of the root compromises at BEST,
    a year or two ago.  He had gotten it from a hacker's cookbook of exploits
    which he conveniently left on-disk long enough for our daily backups to
    catch it :-).

                                                -Matt


