Bugtraq mailing list archives

Re: Anti Hijacking tools


From: jsz () ramon bgu ac il (jsz)
Date: Sat, 28 Jan 1995 17:41:34 +0200 (IST)



AntiHijacking tool?  It disables sun4's kernel ability to modload
modules on the fly,

Right; this is the whole point.

Ok. This won't be a solution for Solaris 2.X, where the whole concept of
modules in the kernel is built upon loading them.


thus also disables things like ppp, slip, et al.

Only if your ppp/slip requires loading a kernel module at run-time.  My
serial IP code doesn't depend on LKMs at all.  Most that do can
probably be loaded in /etc/rc.local before the door is locked.

I won't call it a solution.

Well, you're welcome to call it - or not call it - whatever you like.
I don't call it a solution either, but more because the security can so
easily be defeated with the help of a reboot.

Can't you reload the kernel itself in kmem? Why reboot?


And of course, if your environment doesn't call for "things like ppp,
slip, et al", this doesn't matter at all.  Nobody _has_ to use either
of these things; they're just one more option available that some may
choose to avail themselves of.

OW 3.0 & 3.0_U1 (that's for Solaris 1.1.X) by default supports the
sunview facility, and when you disable this facility (for better performance)
by "openwin -sunview" the display server will load a module into the kernel,
called evq (winlock can be loaded as well). In case you disable the kernel's
ability to load modules on the fly, you won't be able to use it as well --
Of course you can recommend using motif... but -- another proof.


