Unprivileged settings for FreeBSD kernel variables
Dag-Erling Smørgrav
des at des.no
Tue Jun 15 10:12:47 GMT 2004
Radko Keves <rado at daemon.sk> writes:
> EXAMPLE:
> a kernel module can give you a new sysctl (for example kern.securelevel2):
> kern.securelevel2
> with which you can lower/raise the sysctl.securelevel variable
> (source code attached)

     The kernel runs with five different levels of security.  Any super-user
     process can raise the security level, but no process can lower it.  The
     security levels are:

     -1    Permanently insecure mode - always run the system in level 0 mode.
           This is the default initial value.

     0     Insecure mode - immutable and append-only flags may be turned off.
           All devices may be read or written subject to their permissions.

     1     Secure mode - the system immutable and system append-only flags may
           not be turned off; disks for mounted file systems, /dev/mem,
           /dev/kmem and /dev/io (if your platform has it) may not be opened
           for writing; kernel modules (see kld(4)) may not be loaded or
           unloaded.

     [...]

so how, exactly, is the attacker going to load his malicious kernel
module?
DES
--
Dag-Erling Smørgrav - des at des.no
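
A check that follows from the securelevel description quoted above, as an added example that is not part of the original message: it reports whether module loading is refused right now (kern.securelevel of 1 or higher) and whether rc.conf raises the level again after a reboot. The function names are hypothetical, and kern_securelevel_enable / kern_securelevel are the standard rc.conf settings, which the message itself does not mention.

```shell
#!/bin/sh
# Added example: does securelevel currently stop kernel module loading,
# and will it still do so after a reboot?

# modules_blocked LEVEL: status 0 when kld load/unload is refused (level >= 1).
modules_blocked() {
    case "$1" in ''|*[!0-9-]*) return 2 ;; esac   # not an integer
    [ "$1" -ge 1 ] 2>/dev/null
}

# rc_value FILE KEY: print the last value assigned to KEY, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" \
        2>/dev/null | tail -n 1
}

# boot_level FILE: securelevel the rc scripts set at boot; -1 when not enabled.
boot_level() {
    case "$(rc_value "$1" kern_securelevel_enable)" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) printf '%s\n' -1; return 0 ;;
    esac
    level=$(rc_value "$1" kern_securelevel)
    printf '%s\n' "${level:--1}"
}

# audit RUNTIME_LEVEL RC_CONF: report both views; status 1 if either is weak.
audit() {
    status=0
    if modules_blocked "$1"; then
        echo "runtime: securelevel=$1, module load/unload is refused"
    else
        echo "runtime: securelevel=$1, root can still load kernel modules"
        status=1
    fi
    boot=$(boot_level "$2")
    if modules_blocked "$boot"; then
        echo "boot: $2 raises securelevel to $boot"
    else
        echo "boot: $2 leaves securelevel at $boot after a reboot"
        status=1
    fi
    return "$status"
}

# On FreeBSD, audit the live system; elsewhere this sysctl does not exist.
if level=$(sysctl -n kern.securelevel 2>/dev/null); then
    audit "$level" /etc/rc.conf || echo "securelevel hardening incomplete" >&2
fi
```
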