From owner-freebsd-security Sat Sep 6 20:08:30 1997
Date: Sat, 6 Sep 1997 23:08:02 -0400 (EDT)
From: Brian Mitchell
To: Sean Eric Fagan
cc: security@freebsd.org
Subject: Re: procfs take II
In-Reply-To: <199709061749.KAA25203@kithrup.com>
Sender: owner-freebsd-security@freebsd.org

On Sat, 6 Sep 1997, Sean Eric Fagan wrote:

> In article you write:
> >Here is a simple patch, it disallows writes to pid 1's mem node if
> >securelevel is > 0 (diff is based on 2.2.1 box with the securelevel fix
> >applied):
>
> Insufficient -- PTRACE_ATTACH allows the same hole.

ptrace_attach was fixed in 2.2.2

>
> Also, the only place that kind of change really needs to go is in
> procfs_open(), when the file is originally opened. If securelevel > 0, then
> init should be read-only (or not even readable at all). A more general way
> of doing this should be provided, I think, rather than special-casing pid 1.
>
> Sean.
>

I agree, but the ptrace_attach was fixed with this same sorta thing.
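
The open-time check discussed in the message above, as a userland C model added here for illustration; it is not code from the thread or from FreeBSD. All names (`mem_open`, `mem_write`, `PF_PROTECTED`, `try_patch`) are hypothetical, and the per-process flag is an assumed stand-in for the "more general way" instead of testing for pid 1.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Userland model; every name here is hypothetical, not FreeBSD kernel code. */
enum { M_READ = 1, M_WRITE = 2 };
enum { PF_PROTECTED = 1 };      /* per-process flag, replaces a pid == 1 test */

struct model_proc { pid_t pid; int flags; unsigned char mem[16]; };
struct model_file { struct model_proc *target; int mode; };

/* Open-time check: the only place the securelevel policy is consulted. */
int mem_open(struct model_file *f, struct model_proc *p, int mode, int securelevel)
{
    if (securelevel > 0 && (p->flags & PF_PROTECTED) && (mode & M_WRITE))
        return EPERM;           /* protected process: read-only at most */
    f->target = p;
    f->mode = mode;
    return 0;
}

/* Write path: no policy of its own, it only honours the mode granted at open. */
int mem_write(struct model_file *f, size_t off, unsigned char byte)
{
    if (!(f->mode & M_WRITE))
        return EBADF;           /* descriptor was not opened for writing */
    if (off >= sizeof f->target->mem)
        return EFAULT;
    f->target->mem[off] = byte;
    return 0;
}

/* Constructed scenario: open the mem node, then write one byte. Returns 0 or errno. */
int try_patch(pid_t pid, int flags, int mode, int securelevel)
{
    struct model_proc p = { pid, flags, {0} };
    struct model_file f = { NULL, 0 };
    int err = mem_open(&f, &p, mode, securelevel);
    return err != 0 ? err : mem_write(&f, 0, 0xff);
}

int main(void)
{
    printf("protected, rw, securelevel 1: %d\n", try_patch(1, PF_PROTECTED, M_READ | M_WRITE, 1));
    printf("protected, ro, securelevel 1: %d\n", try_patch(1, PF_PROTECTED, M_READ, 1));
    printf("ordinary,  rw, securelevel 1: %d\n", try_patch(4242, 0, M_READ | M_WRITE, 1));
    printf("protected, rw, securelevel 0: %d\n", try_patch(1, PF_PROTECTED, M_READ | M_WRITE, 0));
    return 0;
}
```
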