From owner-freebsd-security Sat Jun 13 23:03:53 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA24934
          for freebsd-security-outgoing; Sat, 13 Jun 1998 23:03:53 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA24927
          for ; Sat, 13 Jun 1998 23:03:44 -0700 (PDT)
          (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost)
          by burka.rdy.com (8.8.8/RDY&DVV) id XAA25570;
          Sat, 13 Jun 1998 23:03:31 -0700 (PDT)
Message-Id: <199806140603.XAA25570@burka.rdy.com>
Subject: Re: bsd securelevel patch question
In-Reply-To: <199806131219.FAA15482@flea.best.net> from Darren Reed at "Jun 13, 98 10:19:09 pm"
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Sat, 13 Jun 1998 23:03:30 -0700 (PDT)
Cc: dima@best.net, jayrich@room101.sysc.com, security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Darren Reed writes:
> In some mail from Dima Ruban, sie said:
> >
> > Jay Richmond writes:
> > > Hello,
> > >
> > > Just wondering if we should expect an official patch for the securelevel
> > > problem that's affecting all the BSD's, or if the one provided in the
> > > recent exploit is being recommended?
> >
> > According to Thomas Ptacek, this is not exactly a bug, and after thinking some
> > more about it, I kinda agree with him. (Feature, not a bug)
>
> Given it is exploitable, whether or not it is a feature, is irrelevant.
> It permits the protection intended by securelevel over /dev/kmem to be
> bypassed, reducing the overall security of the system.

Hmm, this is not exactly bypassing a protection, you know.
Mainly because this protection is simply not targeted for this.

     1     Secure mode - the system immutable and system append-only flags
           may not be turned off; disks for mounted filesystems, /dev/mem,
           and /dev/kmem may not be opened for writing.

(this is from man init)

I don't see exactly how it violates anything.

>
> Darren
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message