Hi,
>From the BSDI manual:
| BSD/OS has a notion of a security level; see init(8). By default, the
| system goes to a 'secure' mode when multi-user. In that mode, /dev/kmem
| and /dev/mem cannot be written, raw disks cannot be written, and immutable
| files cannot be written - even by the superuser. (See chflags(1) for information
| on flags including the immutable flags - which can only be changed in not-
| secure mode.)
|
| The modes are:
|
| -1 - 'Permanently Insecure' - 'Insecure' and even multi-user mode is
| 'insecure'.
|
| 0 - 'Insecure' - In single user mode, root can change flags and read/write
| any file - multi-user mode automatically moves to 'secure'
|
| 1 - 'Secure' - can not write immutable flags or raw devices or /dev/mem or
| /dev/kmem
|
| 2 - highly secure - 'Secure' and disk devices not writable through /dev -
| newfs and floppy writing disabled
Makes for a really secure box but a PITA to administer :-)
Colin
My mailer thinks apilosov @
cantor .
com said:
>
> Question: if hacker attains root, couldn't he just use /dev/mem, /dev/kmem,
> /proc/### interfaces to change the runlevel variable in kernel, and then
> turn off immutable or whatever else he wants?
>
> IMHO...all the protection against root actions is rendered useless once you
> can write to /dev/mem directly, but I have no clue how /dev/mem works in
> xBSD, so its just IMHO for now :)
>
> Alex
>
References:
|
|
