30 lines
1.1 KiB
Text
30 lines
1.1 KiB
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.2 2006/03/07 23:14:39 christos Exp $
|
|
|
|
Add the following line to /etc/lkm.conf:
|
|
|
|
${PREFIX}/lkm/xf86.o - - ${PREFIX}/lkm/xf86_mod_install - AFTERMOUNT
|
|
|
|
and set:
|
|
|
|
lkm=YES
|
|
|
|
in /etc/rc.conf. Then, /etc/rc.d/lkm3 restart
|
|
|
|
**************************
|
|
**** SECURITY WARNING ****
|
|
**************************
|
|
|
|
Please note that use of this driver only raises the bar somewhat
|
|
on breaking the securelevel abstraction. Loading this driver provides
|
|
the opening process with access to various things that can write
|
|
anywhere in memory (such as DMA engines, frame-buffer paint engines,
|
|
SMM). While one has to write a little more code to aim these memory
|
|
writers at the securelevel variable in kernel memory, it is not really
|
|
difficult to do so. Finally the fact that only one process can have
|
|
/dev/xf86 open at a time does not win much since root can kill it
|
|
at anytime and start another process. This exploit has to do with
|
|
root being able to change the security level and do things it could
|
|
not do before.
|
|
|
|
===========================================================================
|