Date: Tue, 21 Aug 2018 13:37:54 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 230798] security/kernel possible to bypass kern.securelevel and immutable flags (chflags) Message-ID: <bug-230798-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230798 Bug ID: 230798 Summary: security/kernel possible to bypass kern.securelevel and immutable flags (chflags) Product: Base System Version: 10.4-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: sielaq@gmail.com Scenario: Having applied "paranoia mode" kern.securelevel: 1 and even special chflags immutable flags and having nullfs loaded nullfs_load="YES" It is possible to bind the files with mount_nullfs to cover the existing config or binaries. Not sure if this is a bug or feature... just in case raising it. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230798-227>