how to disable loadable kernel modules?

Lars Eighner luvbeastie at larseighner.com
Thu Feb 25 00:02:54 UTC 2010


On Wed, 24 Feb 2010, Robert Bonomi wrote:

>
> I'm building custom kernels for use in 'hostile' environments -- where I
> need to enforce "restricted" capabilities, even in the event of malicious
> 'root' access.  (if the bad guy has *physical* access to the machine, I
> know I'm toast, so I don't try to protect against _that_ in software --
> beyond the usual access-control mechanisms, that is.)
>
> To accomplish this, I need to (among other things) *completely* disable
> kernel 'loadable module' functionality.  Building the required monolithic
> kernel is no problem, and by booting from _physical_ read-only media, I
> can protect against bootloader/kernel/application substitution.  I just
> need to make it "impossible" to add modules to the running system.

I don't see how this is really possible to make bullet-proof.  Anyone with root
access can edit loader.conf and force a reboot --- or wait until a power
interruption or something causes a reboot.  You pretty much have to be able
to reboot the machine, so...

It seems to me you could replace kldload (the command, not the system call)
with a dummy script which would raise the bar a bit.  You could remove (I
think) the modules you are afraid of, but someone with root privileges
could replace them with trojans.

-- 
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
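An added example, not part of the thread and not FreeBSD project code, illustrating the defender's side of the point above: if module loading cannot be made impossible on the running system, it can at least be checked for. The script below compares a kldstat(8)-style listing of loaded modules against an allow-list of the modules expected in a monolithic build and reports anything extra. Both the listing and the allow-list are constructed sample data embedded in the script; on a real host the listing would come from running kldstat, and, as the reply notes, a root-level attacker can also replace the tools doing the checking, so this raises the bar rather than closing the hole.

```shell
#!/bin/sh
# Added example (not from the thread): compare a kldstat(8)-style module
# listing against an allow-list of the modules expected in the running
# monolithic kernel and report any module that was loaded on top of it.

# Constructed sample of plain `kldstat` output; real input would come from
# running kldstat on the host being checked.
SAMPLE_KLDSTAT='Id Refs Address            Size     Name
 1   10 0xffffffff80200000 1f3e1c0  kernel
 2    1 0xffffffff82211000 3f8c     if_tap.ko
 3    1 0xffffffff82215000 7a10     nullfs.ko'

# Constructed allow-list: module names the baseline system is expected to show.
BASELINE='kernel
nullfs.ko'

# unexpected_modules LISTING BASELINE
# Prints the names present in LISTING but absent from BASELINE, one per line,
# in sorted order.  Returns 0 when nothing unexpected is found, 1 otherwise.
unexpected_modules() {
    listing=$1
    baseline=$2
    # Skip the header line, keep the last column (module name), de-duplicate,
    # then drop every name that appears verbatim in the allow-list.
    found=$(printf '%s\n' "$listing" \
        | awk 'NR > 1 { print $NF }' \
        | sort -u \
        | while read -r name; do
            printf '%s\n' "$baseline" | grep -qxF "$name" || printf '%s\n' "$name"
          done)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample: reports if_tap.ko.
if unexpected_modules "$SAMPLE_KLDSTAT" "$BASELINE"; then
    echo "no unexpected modules"
else
    echo "unexpected module(s) loaded"
fi
```

Run periodically (or from a read-only cron source) with the real `kldstat` output piped in as the first argument; a non-zero exit is the signal to investigate.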
