On Thu, 7 Sep 2000, Zach N. Heilig wrote:
> On Thu, Sep 07, 2000 at 06:33:20PM +0200, Paul Herman wrote:
> > Here is a patch which will allow init(8) (or rather, any process with
> > PID 1) to lower the securelevel to 0 when going into single-user
> > maintenance mode. This has no effect if securelevel is -1.
> >
> > Feedback welcome -- there may be security implications I'm not aware
> > of. If this is well received, I will tack it onto bin/20974 for
> > further review and commit into -CURRENT.
>
> This was the behavior a while back. It was removed on purpose. (because
> an attacker could attach to PID 1 with a debugger and cause it to lower
> secure level without going to single user mode.)
RCS file: /home/ncvs/src/sys/kern/kern_mib.c,v
Working file: kern_mib.c
head: 1.37
...
----------------------------
revision 1.9
date: 1997/06/25 07:31:47; author: joerg; state: Exp; lines: +2 -2
Don't ever allow lowering the securelevel at all. Allowing it does
nothing good except of opening a can of (potential or real) security
holes. People maintaining a machine with higher security requirements
need to be on the console anyway, so there's no point in not forcing
them to reboot before starting maintenance.
Agreed by: hackers, guido
----------------------------
Index: kern_mib.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_mib.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -c -2 -r1.8 -r1.9
*** kern_mib.c 1997/03/04 18:31:54 1.8
--- kern_mib.c 1997/06/25 07:31:47 1.9
***************
*** 38,42 ****
*
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
! * $Id: kern_mib.c,v 1.7 1997/03/03 12:58:19 bde Exp $
*/
--- 38,42 ----
*
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
! * $Id: kern_mib.c,v 1.8 1997/03/04 18:31:54 bde Exp $
*/
***************
*** 124,128 ****
if (error || !req->newptr)
return (error);
! if (level < securelevel && req->p->p_pid != 1)
return (EPERM);
securelevel = level;
--- 124,128 ----
if (error || !req->newptr)
return (error);
! if (level < securelevel)
return (EPERM);
securelevel = level;
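Review bot: the test `if (level < securelevel)` in the 124,128 hunk now returns EPERM for PID 1 as well, but nothing in the code records that the `req->p->p_pid != 1` exemption was dropped deliberately. A short comment above the test, stating that the securelevel may only be raised and that init gets no exception, would help keep the exemption from being reintroduced later. Any caller running as PID 1 that used to lower the level will now get EPERM, so documentation describing that behaviour should be updated in the same change.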
Bruce