Subject: Re: kern/1967: securelevel should be patchable
To: None <netbsd-bugs@NetBSD.ORG>
From: James da Silva <jds@cs.umd.edu>
List: netbsd-bugs
Date: 01/23/1996 11:35:01
 Jason Thorpe <thorpej@nas.nasa.gov>:
 > > I imagine that the current practice of putting it in the bss was done 
 > > specifically to prevent what you'd like to be able to do :-)

 Gordon Ross <gwr@mc.com>:
 > Perhaps, but that's a false security.
 > If I can modify the kernel, I'm in!

Yes!  Securelevel can be patched with a trivial program even when originally
in bss.  The kernel needs to be immutable to avoid this.

If everyone agrees that keeping securelevel in BSS doesn't help security
any, then perhaps securelevel can be made more convenient to change as a
config option or patch.  Or at the very least, get rid of the commentary in
sys/systm.h:

     Note that it is NOT initialized to zero as that would allow the
     vmunix binary to be patched to -1.  Without initialization,
     securelevel loads in the BSS area which only comes into existence
     when the kernel is loaded and hence cannot be patched by a
     stalking hacker.

Whoever wrote this wasn't thinking it through, IMO.

Jaime
..............................................................................
:  James da Silva  :  UMCP Computer Science Dept  :  Stand on my shoulders,  :
:  jds@cs.umd.edu  :  http://www.cs.umd.edu/~jds  :  not on my toes.         :
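The sys/systm.h comment quoted above turns on which section a kernel variable lands in: a variable with a non-zero initializer has its bytes stored in the on-disk kernel image, while an uninitialized one lives in the BSS, which the loader zero-fills and which has no bytes in the file. The small C program below is an added illustration of that distinction for this thread, not NetBSD code and not the real securelevel variable; it relies on the section-boundary symbols `__bss_start`, `_edata` and `_end` that GNU ld provides for ELF executables on Linux (an assumption of the example), and the flag names are hypothetical. It classifies each global at run time, which makes the thread's point concrete: the section only decides whether a byte exists in the file to edit, not whether the running value can be changed by anyone who can already write to the kernel file or kernel memory, which is why an immutable kernel file is the actual mitigation. One caveat for anyone re-reading the 1996 comment today: modern gcc and clang place an explicit `= 0` initializer in .bss as well (unless `-fno-zero-initialized-in-bss` is given), so the "NOT initialized to zero" distinction depended on the toolchains of the time.

```c
#include <stdio.h>
#include <stdint.h>

/* Section boundary symbols defined by GNU ld's default ELF linker script
   (assumption: Linux/ELF toolchain). .data ends at _edata; .bss starts at
   __bss_start and ends at _end. */
extern char __bss_start[];
extern char _edata[];
extern char _end[];

/* Hypothetical flags standing in for a kernel variable like securelevel. */
int flag_uninit;        /* no initializer: allocated in .bss, no bytes on disk */
int flag_zero = 0;      /* explicit zero: .bss with modern compilers (historically .data) */
int flag_nonzero = -1;  /* non-zero initializer: .data, bytes present in the file */

/* 1 if the object at p lies in the BSS (zero-filled at load, absent from the file). */
int in_bss(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    return a >= (uintptr_t)__bss_start && a < (uintptr_t)_end;
}

/* 1 if the object at p lies in file-backed initialized data, i.e. below _edata
   and not in the BSS. Such bytes can be altered by editing the executable. */
int in_file_backed_data(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    return !in_bss(p) && a < (uintptr_t)_edata;
}

/* Human-readable classification used by main(). */
const char *where(const void *p)
{
    if (in_bss(p))
        return "BSS (not in the file on disk)";
    if (in_file_backed_data(p))
        return "initialized data (present in the file on disk)";
    return "other section";
}

int main(void)
{
    printf("flag_uninit  -> %s\n", where(&flag_uninit));
    printf("flag_zero    -> %s\n", where(&flag_zero));
    printf("flag_nonzero -> %s\n", where(&flag_nonzero));
    return 0;
}
```

Run it after building with gcc; `nm` on the binary shows the same split as `B`/`b` versus `D`/`d` symbol types, which is the quicker way to audit a real kernel image for where a given flag lives.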