From owner-freebsd-security Mon Jul 28 17:36:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id RAA17387 for security-outgoing; Mon, 28 Jul 1997 17:36:11 -0700 (PDT) Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA17380 for ; Mon, 28 Jul 1997 17:36:08 -0700 (PDT) Received: from localhost (vince@localhost) by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id RAA07344; Mon, 28 Jul 1997 17:34:27 -0700 (PDT) Date: Mon, 28 Jul 1997 17:34:27 -0700 (PDT) From: Vincent Poy To: Brian Buchanan cc: freebsd-security@freebsd.org, JbHunt , "[Mario1-]" Subject: Re: securelevel (was: Re: security hole in FreeBSD) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 28 Jul 1997, Brian Buchanan wrote: =)Uh, that would defeat the purpose of securelevel. It's not supposed to be =)possible to ever lower it, except when dropping into single-user mode, and =)even allowing init to do so in that instance is risky IMHO - a few months =)ago I reported a hole, which I believe was fixed, that made it possible to =)lower the securelevel by attaching a debugger to init. Even though that's =)plugged now, it's still possible that there's another way to fool the =)kernel into thinking that process 1 is requesting that securelevel be =)lowered. Anything is possible since nothing is unhackable. Would running init at securelevel 2 and then have it reboot multi-user at a lower level be possible? Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]