Date: Fri, 8 Sep 2000 08:57:30 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: "Zach N. Heilig" <zach@uffdaonline.net>
Cc: Paul Herman <pherman@frenchfries.net>, freebsd-current@FreeBSD.ORG, Vivek Khera <khera@kcilink.com>
Subject: Re: call for testers: init securelevel patch
Message-ID: <Pine.BSF.4.21.0009080855361.30227-100000@besplex.bde.org>
In-Reply-To: <20000907152923.A57609@murkwood.znh.org>

On Thu, 7 Sep 2000, Zach N. Heilig wrote:

> On Thu, Sep 07, 2000 at 06:33:20PM +0200, Paul Herman wrote:
> > Here is a patch which will allow init(8) (or rather, any process with
> > PID 1) to lower the securelevel to 0 when going into single-user
> > maintenance mode. This has no effect if securelevel is -1.
> >
> > Feedback welcome -- there may be security implications I'm not aware
> > of. If this is well received, I will tack it onto bin/20974 for
> > further review and commit into -CURRENT.
>
> This was the behavior a while back. It was removed on purpose. (because
> an attacker could attach to PID 1 with a debugger and cause it to lower
> secure level without going to single user mode.)

RCS file: /home/ncvs/src/sys/kern/kern_mib.c,v
Working file: kern_mib.c
head: 1.37
...
----------------------------
revision 1.9
date: 1997/06/25 07:31:47; author: joerg; state: Exp; lines: +2 -2
Don't ever allow lowering the securelevel at all. Allowing it does
nothing good except of opening a can of (potential or real) security
holes. People maintaining a machine with higher security requirements
need to be on the console anyway, so there's no point in not forcing
them to reboot before starting maintenance.

Agreed by: hackers, guido
----------------------------

Index: kern_mib.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_mib.c,v retrieving revision 1.8 retrieving revision 1.9 diff -c -2 -r1.8 -r1.9 *** kern_mib.c 1997/03/04 18:31:54 1.8 --- kern_mib.c 1997/06/25 07:31:47 1.9 *************** *** 38,42 **** * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 ! * $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $ */ --- 38,42 ---- * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 ! * $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $ */ *************** *** 124,128 **** if (error || !req->newptr) return (error); ! 
if (level < securelevel && req->p->p_pid != 1) return (EPERM); securelevel = level; --- 124,128 ---- if (error || !req->newptr) return (error); ! if (level < securelevel) return (EPERM); securelevel = level;

Bruce
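
Review bot: the `if (level < securelevel)` test in the 124,128 hunk carries no comment explaining that the refusal now applies to every caller, PID 1 included, so the reason for dropping `req->p->p_pid != 1` exists only in the log message. A short comment above the test, stating that no process may lower securelevel and that a reboot is required instead, would make it harder for the exemption to be reintroduced unnoticed.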