Re: Bugs in sysctl.c

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Mon, 11 Aug 1997 13:37:19 +0200 (MET DST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rogier Wolff: "Re: Memory Management - BSD vs Linux"
Previous message: Benjamin Saller Bender: "Re: Memory Management - BSD vs Linux"
Next in thread: thospel@mail.dma.be: "Re: Bugs in sysctl.c"
Reply: thospel@mail.dma.be: "Re: Bugs in sysctl.c"

Chris Evans wrote:
>
>
> Hi,
>
> It seems that securelevel is completely shafted. For a start, the
> permissions that /proc/sys/kernel/securelevel are registered with are
> incorrect (0444, should be 0644 to allow root write access) Trivial patch
> => not included here :-)
>
> Furthermore, and more worrying, it seems that do_securelevel_strategy is
> NOT called upon modification of securelevel. This means that root can
> arbitrarily lower the securelevel value(!).
>
> I did not have time to look into this.. I will probably do so tonight
> unless some bright spark posts fixes/causes before then, hint hint ;-)

Securelevel is not completely implemented yet.

You should write a little document with what different levels do, and
post this to linux-kernel. You'll get some feedback, and then
implementing it will be a matter of a few hours intense hacking.

The document should do something like:

0: Default. Normal "unix-like" operation.
1: chattr is disallowed
2: ....

only increasing the securelevel is allowed. Decreasing the
securelevel requires a reboot.

Things like "access to raw devices", "access to kmem", "access to /proc",
"modifying IP parameters", etc etc should be mentioned.

Regards,

Roger.

Next message: Rogier Wolff: "Re: Memory Management - BSD vs Linux"
Previous message: Benjamin Saller Bender: "Re: Memory Management - BSD vs Linux"
Next in thread: thospel@mail.dma.be: "Re: Bugs in sysctl.c"
Reply: thospel@mail.dma.be: "Re: Bugs in sysctl.c"