blob: 425bdd2186187d34abc184b6c49059c37f3f3b5a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
===========================================================================
$NetBSD: MESSAGE,v 1.2 2006/03/07 23:14:39 christos Exp $
Add the following line to /etc/lkm.conf:
${PREFIX}/lkm/xf86.o - - ${PREFIX}/lkm/xf86_mod_install - AFTERMOUNT
and set:
lkm=YES
in /etc/rc.conf. Then, /etc/rc.d/lkm3 restart
**************************
**** SECURITY WARNING ****
**************************
Please note that use of this driver only raises the bar somewhat
on breaking the securelevel abstraction. Loading this driver provides
the opening process with access to various things that can write
anywhere in memory (such as DMA engines, frame-buffer paint engines,
SMM). While one has to write a little more code to aim these memory
writers at the securelevel variable in kernel memory, it is not really
difficult to do so. Finally the fact that only one process can have
/dev/xf86 open at a time does not win much since root can kill it
at anytime and start another process. This exploit has to do with
root being able to change the security level and do things it could
not do before.
===========================================================================
|