Date: Tue, 15 Jun 2004 12:12:22 +0200 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) To: Radko Keves <rado@daemon.sk> Cc: security@FreeBSD.org Subject: Re: Unprivilegued settings for FreeBSD kernel variables Message-ID: <xzphdtd8709.fsf@dwp.des.no> In-Reply-To: <20040615100102.GA12078@daemon.sk> (Radko Keves's message of "Tue, 15 Jun 2004 12:01:02 %2B0200") References: <20040615100102.GA12078@daemon.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
Radko Keves <rado@daemon.sk> writes:
> EXAMPLE:
> kernel module can gives you a new sysctl (for example kern.securelevel2):
> kern.securelevel2
> with which you can lower/raiser sysctl.securelevel variable
> (source code attached)
The kernel runs with five different levels of security. Any super-user
process can raise the security level, but no process can lower it. The
security levels are:
-1 Permanently insecure mode - always run the system in level 0 mode.
This is the default initial value.
0 Insecure mode - immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
1 Secure mode - the system immutable and system append-only flags may
not be turned off; disks for mounted file systems, /dev/mem,
/dev/kmem and /dev/io (if your platform has it) may not be opened
for writing; kernel modules (see kld(4)) may not be loaded or
unloaded.
[...]
so how, exactly, is the attacker going to load his malicious kernel
module?
DES
--
Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzphdtd8709.fsf>