On Wed, Feb 24, 2010 at 08:49:29PM -0600, Robert Bonomi typed:
> >
> > > I'm building custom kernels for use in 'hostile' environments -- where I
> > > need to enforce "restricted" capabilities, even in the event of malicious
> > > 'root' access. (if the bad guy has *physical* access to the machin
> From owner-freebsd-questi...@freebsd.org Wed Feb 24 18:04:25 2010
> Date: Wed, 24 Feb 2010 17:38:45 -0600 (CST)
> From: Lars Eighner
> To: Robert Bonomi
> Cc: questi...@freebsd.org
> Subject: Re: how to disable loadable kernel moduels?
>
> On Wed, 24 Feb 2010, Robert
On Wed, Feb 24, 2010 at 11:47 PM, Robert Bonomi
wrote:
>
> Can somebody point me towrads the source module(s) that contain the
> syscall 'dispatch' code and/or the loadable module implementation.
According to /usr/src/sys/kern/syscalls.master, the kldload() syscall
ID is 304:
304 AUE_MODLOA
If you do not want to change the secure level you can compile a static kernel:
# static kernel
makeoptions NO_MODULES=yes
put the above inside the kernel config file.
On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran wrote:
> On Wed, 24 Feb 2010 16:47:25 -0600 (CST)
> Robert Bonomi wrote:
>
>> I'
On Wed, 24 Feb 2010, Robert Bonomi wrote:
I'm building custom kernels for use in 'hostile' environments -- where I
need to enforce "restricted" capabilities, even in the event of malicious
'root' access. (if the bad guy has *physical* access to the machine, I
know I'm toast, so I don't try to
On Wed, 24 Feb 2010 16:47:25 -0600 (CST)
Robert Bonomi wrote:
> I'm building custom kernels for use in 'hostile' environments --
> where I need to enforce "restricted" capabilities, even in the event
> of malicious 'root' access. (if the bad guy has *physical* access to
> the machine, I know I'm
I'm building custom kernels for use in 'hostile' environments -- where I need
to enforce "restricted" capabilities, even in the event of malicious 'root'
access. (if the bad guy has *physical* access to the machine, I know I'm
toast, so I don't try to protect against _that_ in software -- beyo