From owner-freebsd-hackers Tue Feb 25 00:21:02 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA08550 for hackers-outgoing; Tue, 25 Feb 1997 00:21:02 -0800 (PST)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id AAA08536 for ; Tue, 25 Feb 1997 00:20:59 -0800 (PST)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id JAA13239 for Hackers@freebsd.org; Tue, 25 Feb 1997 09:20:57 +0100
Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.8.5) id JAA05108; Tue, 25 Feb 1997 09:07:02 +0100 (MET)
Message-ID:
Date: Tue, 25 Feb 1997 09:07:02 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: Hackers@freebsd.org (FreeBSD Hackers)
Subject: Re: Immutable files, a false sense of security (Re: disabling setuid , sh/csh)
References: <199702242120.OAA25018@phaeton.artisoft.com>
X-Mailer: Mutt 0.55-PL10
Mime-Version: 1.0
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: ; from Michael Hancock on Feb 25, 1997 09:38:06 +0900
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Michael Hancock wrote:

> Has anyone tried hacking a system in "secure" mode via something like
> /dev/io?

/dev/io should refuse to be opened if securelevel >= 1 (or at least, >= 2).
Naturally, this prevents you from running an Xserver and such.

> I wonder how much of a speed bump it would present to an
> attacker.

You'll have a hard time for any sophisticated attack.  Denial of
service attacks through /dev/io are certainly easy.  If you try to
create your favorite setuid program on a disk however, you have to:

. emulate the filesystem (simplest part, use fsdb or such as a
  template)

. emulate the disk driver (harder, and not very general)

. cope with the fact that the existing disk driver runs concurrently
  with this; turning off interrupts is not an option unless you can
  use DDB which is the only thing that can do polled IO to get your
  input into the system at all.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)