On Fri, 30 Jul 1999, Matthew Dillon wrote:

> :    But even if you turn off the bpf device, you still have /dev/mem and
> :    /dev/kmem to worry about.  For that matter, the intruder can still write
> :    raw devices.  Also, there is another kernel feature called kldload(8).
>
>     BTW, I wrote this section because a hacker actually installed the bpf
>     device via the module loader during one of the root compromises at BEST,
>     a year or two ago.  He had gotten it from a hackers cookbook of exploits
>     which he conveniently left on-disk long enough for our daily backups to
>     catch it :-).

Want to post the code for it? It would be interesting to see how that was done!

>
>                                               -Matt
>
> To Unsubscribe: send mail to majord...@freebsd.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

 Brian Fundakowski Feldman
 gr...@freebsd.org
 FreeBSD: The Power to Serve!
 http://www.FreeBSD.org/