FreeBSD Security Advisory FreeBSD-SA-03:09.signal
Jason Dambrosio
jason at wiz.cx
Mon Aug 11 00:01:03 PDT 2003
On Mon, Aug 11, 2003 at 07:44:38AM +0100, Bruce M Simpson wrote:
> On Sun, Aug 10, 2003 at 08:33:16PM -1000, Jason Dambrosio wrote:
> > Wouldn't a possible workaround be, to load a kld module that would
> > replace the ptrace(2) system call with a patched one? I remember doing
> > such a trick for modifying other system calls using kld modules...
>
> That isn't really a solution; more of a band-aid.
That's exactly why I called it a workaround and not a solution.
The primary idea of a workaround being to avoid having downtime for
a reboot to patch the kernel until your next scheduled maintence window.
> Besides, if someone compromises the system in some other way, they can
> just remove your module or unload it. Unless you're a big securelevels fan.
If someone compromises the system via some other method, why would
they care about unloading a module if they already have root?
My point was simply that the advisory said there was no workaround,
but I believe you could use this method as a workaround.
Jason
More information about the freebsd-security
mailing list