Subject: Re: kern/1967: securelevel should be patchable
To: None <matthieu@laas.fr>
From: James da Silva <jds@cs.umd.edu>
List: netbsd-bugs
Date: 01/23/1996 22:02:48
I wrote:
> > Yes! Securelevel can be patched with a trivial program even when
> > originally in bss. The kernel needs to be immutable to avoid this.
Matthieu wrote:
> And so need the 'rc' scripts. If you can modify them, you can load a
> LKM that patches securelevel or otherwise defeats it (like the i386
> XFree86 aperture driver that I wrote...).
Ah. It follows then that _every_ binary and script run in single user mode
must be immutable, or there's little point to having securelevel 1.
Gack.
Jaime