From owner-freebsd-hackers Sun Sep 5 21:55:55 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from eclogite.eps.nagoya-u.ac.jp (eclogite.eps.nagoya-u.ac.jp [133.6.124.145]) by hub.freebsd.org (Postfix) with ESMTP id 72BA115428; Sun, 5 Sep 1999 21:55:45 -0700 (PDT) (envelope-from kato@ganko.eps.nagoya-u.ac.jp)
Received: from localhost (gneiss.eps.nagoya-u.ac.jp [133.6.124.148]) by eclogite.eps.nagoya-u.ac.jp (8.9.3/3.7W) with ESMTP id NAA28245; Mon, 6 Sep 1999 13:53:48 +0900 (JST)
To: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Init(8) cannot decrease securelevel
From: KATO Takenori
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint: 03 72 85 36 62 46 23 03 52 B1 10 22 44 10 0D 9E
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19990906135317J.kato@gneiss.eps.nagoya-u.ac.jp>
Date: Mon, 06 Sep 1999 13:53:17 +0900
X-Dispatcher: imput version 980905(IM100)
Lines: 40
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Once securelevel has been increased, no process can decrease it, because the kernel always refuses to decrease it. This is inconsistent with the manual page of init:

    The kernel runs with four different levels of security. Any super-user process can raise the security level, but only init can lower it.

Is there any security problem with implementing this? If not, could someone review the following patch?

kato

---------- BEGIN ---------- *** kern_mib.c.ORIG Mon Sep 6 13:46:40 1999 --- kern_mib.c Mon Sep 6 13:49:44 1999 *************** *** 178,184 **** error = sysctl_handle_int(oidp, &level, 0, req); if (error || !req->newptr) return (error); ! if (level < securelevel) return (EPERM); securelevel = level; return (error); --- 178,184 ---- error = sysctl_handle_int(oidp, &level, 0, req); if (error || !req->newptr) return (error); ! 
if (level < securelevel && req->p->p_pid != 1) return (EPERM); securelevel = level; return (error); ---------- END ----------

-----------------------------------------------+--------------------------+
KATO Takenori                                  |         FreeBSD          |
Dept. Earth Planet. Sci, Nagoya Univ.          |    The power to serve!   |
Nagoya, 464-8602, Japan                        |  http://www.FreeBSD.org/ |
++++ FreeBSD(98) 3.2: Rev. 01 available!       |http://www.jp.FreeBSD.org/|
++++ FreeBSD(98) 2.2.8: Rev. 02 available!     +==========================+
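
Review bot: The new condition `if (level < securelevel && req->p->p_pid != 1)` dereferences req->p with no NULL check and has no comment explaining the exemption. If a request can reach this handler without a process attached, the exempt case should be written as `req->p != NULL && req->p->p_pid == 1` so that such a request still gets EPERM instead of faulting. Identifying init purely by PID 1 also means the one-way guarantee of securelevel now rests entirely on the integrity of that one process, so the line should carry a comment citing init(8) and stating that lowering is permitted to PID 1 only, and the security question raised in the message should be answered on the list before this is committed.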