Re: Kernel-loadable Root Kits < securelevel >

From: Peter Pentchev (roam@ringlet.net)
Date: 09/09/01


Date: Sun, 9 Sep 2001 21:58:29 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Eric Thern <eric@zoidial.com>

On Sun, Sep 09, 2001 at 06:31:27PM +0000, Eric Thern wrote:
>
> > > >> Would you care to point out how I could lower the securelevel then
> > > >> for legitimate use (i.e. updates or changes to /etc) of the system
> > > >> by the administrators?
> > > > Reboot.. and if you set the securelevel automatically on boot (e.g.
> > > > in rc.conf) you must start in single user mode after the reboot.
> > > Yeah I know that this would be a way to do it but it's rather hard to
> > > do with colocated servers...
> > That's right, but I'm rather sure rebooting is the only way to lower the
> > securelevel (anyone please correct me if I'm wrong).
> > From init(8):
> > The kernel runs with four different levels of security. Any super-user
> > process can raise the security level, but no process can lower it.
> > [CUT]
>
> Is there any possibility of having console be able to lower the
> securelevel without rebooting? In a situation with dedicated or
> colocated servers where only one person has console access, it would sure
> be a wonderful thing, although I'm fairly certain there is some security
> loophole in that whole mess.

If ddb support is compiled into the kernel, then it could be as easy
as hitting Ctrl-PrtScr and using ddb to modify the value of the kernel
variable named 'securelevel'.

G'luck,
Peter

-- 
The rest of this sentence is written in Thailand, on
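
A defensive check that follows from the reply above, as an added example that is not part of the original message: it reports whether a securelevel raised at boot sits on a kernel built with ddb, in which case console access can change it. The rc.conf variables `kern_securelevel_enable` and `kern_securelevel` and the kernel config line `options DDB` are FreeBSD names not quoted in the thread; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf and a kernel config for the case described
# in the reply (securelevel raised, but ddb compiled into the kernel).

# rc_value FILE VAR: print the last uncommented assignment of VAR.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# has_ddb FILE: succeed if the kernel config has an uncommented "options DDB".
has_ddb() {
    grep -Eq '^[[:space:]]*options[[:space:]]+DDB([[:space:]]|#|$)' "$1"
}

# audit RC_CONF KERNCONF: print a one-word verdict.
audit() {
    enable=$(rc_value "$1" kern_securelevel_enable | tr 'a-z' 'A-Z')
    level=$(rc_value "$1" kern_securelevel)
    # Treat a missing or non-numeric level as "not raised".
    case "$level" in ''|*[!0-9-]*) level=-1 ;; esac
    if [ "$enable" != "YES" ] || [ "$level" -lt 1 ]; then
        echo "securelevel-not-raised"
    elif has_ddb "$2"; then
        echo "securelevel-bypassable-via-ddb"
    else
        echo "securelevel-enforced"
    fi
}

# Constructed sample inputs (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' 'kern_securelevel_enable="YES"' \
    'kern_securelevel="2"   # raised by rc at boot' > "$tmp/rc.conf"
printf '%s\n' 'ident COLO' 'options  INET' \
    'options  DDB   # console debugger' > "$tmp/KERN_DDB"
printf '%s\n' 'ident COLO' 'options  INET' '#options DDB' > "$tmp/KERN_NODDB"

audit "$tmp/rc.conf" "$tmp/KERN_DDB"
audit "$tmp/rc.conf" "$tmp/KERN_NODDB"
```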

