From owner-freebsd-bugs@FreeBSD.ORG  Tue Jun 15 10:12:47 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2D3E616A4CE; Tue, 15 Jun 2004 10:12:47 +0000 (GMT)
Received: from smtp.des.no (flood.des.no [217.116.83.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 792AC43D58; Tue, 15 Jun 2004 10:12:46 +0000 (GMT)
	(envelope-from des@des.no)
Received: by smtp.des.no (Pony Express, from userid 666)
	id E7B40530D; Tue, 15 Jun 2004 12:12:29 +0200 (CEST)
Received: from dwp.des.no (des.no [80.203.228.37])
	by smtp.des.no (Pony Express) with ESMTP
	id 47C3E530C; Tue, 15 Jun 2004 12:12:22 +0200 (CEST)
Received: by dwp.des.no (Postfix, from userid 2602)
	id 2B64DB86C; Tue, 15 Jun 2004 12:12:22 +0200 (CEST)
To: Radko Keves <rado@daemon.sk>
References: <20040615100102.GA12078@daemon.sk>
From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=)
Date: Tue, 15 Jun 2004 12:12:22 +0200
In-Reply-To: <20040615100102.GA12078@daemon.sk> (Radko Keves's message of
 "Tue, 15 Jun 2004 12:01:02 +0200")
Message-ID: <xzphdtd8709.fsf@dwp.des.no>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.63
cc: freebsd-bugs@FreeBSD.org
cc: security@FreeBSD.org
Subject: Re: Unprivilegued settings for FreeBSD kernel variables
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2004 10:12:47 -0000

Radko Keves <rado@daemon.sk> writes:
> EXAMPLE:
> kernel module can gives you a new sysctl (for example kern.securelevel2):
> kern.securelevel2
> with which you can lower/raiser sysctl.securelevel variable
> (source code attached)

     The kernel runs with five different levels of security.  Any super-user
     process can raise the security level, but no process can lower it.  The
     security levels are:

     -1    Permanently insecure mode - always run the system in level 0 mod=
e.
           This is the default initial value.

     0     Insecure mode - immutable and append-only flags may be turned of=
f.
           All devices may be read or written subject to their permissions.

     1     Secure mode - the system immutable and system append-only flags =
may
           not be turned off; disks for mounted file systems, /dev/mem,
           /dev/kmem and /dev/io (if your platform has it) may not be opened
           for writing; kernel modules (see kld(4)) may not be loaded or
           unloaded.

     [...]

so how, exactly, is the attacker going to load his malicious kernel
module?

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no