Re: So, back on the topic of enabling bpf in GENERIC...

Brian F. Feldman Fri, 30 Jul 1999 12:44:42 -0700

On Fri, 30 Jul 1999, Matthew Dillon wrote:

> :     But even if you turn off the bpf device, you still have /dev/mem and
> :     /dev/kmem to worry about.  For that matter, the intruder can still write
> :     raw devices.  Also, there is another kernel feature called kldload(8).
> 
>     BTW, I wrote this section because a hacker actually installed the bpf 
>     device via the module loader during one of the root compromises at BEST,
>     a year or two ago.  He had gotten it from a hackers cookbook of exploits
>     which he convieniently left on-disk long enough for our daily backups to
>     catch it :-).

Want to post the ocde for it? It would be interesting to see how that was
done!

> 
>                                               -Matt
> 
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
> 

 Brian Fundakowski Feldman      _ __ ___ ____  ___ ___ ___  
 [EMAIL PROTECTED]                   _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!        _ __ | _ \._ \ |) |
       http://www.FreeBSD.org/              _ |___/___/___/ 



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: So, back on the topic of enabling bpf in GENERIC...

Reply via email to