Re: bogon in 4.x memory device

From: brian j. peterson (rbw@myplace.org)
Date: 09/25/01 

Date: Tue, 25 Sep 2001 02:24:26 -0700
From: "brian j. peterson" <rbw@myplace.org>
To: alpha@FreeBSD.ORG, security@FreeBSD.ORG

the patch needed an include added:

--- sys/alpha/alpha/mem.c.RELENG_4_4_0_RELEASE Sat May 13 17:29:44 2000
+++ sys/alpha/alpha/mem.c Tue Sep 25 00:36:06 2001
@@ -57,6 +57,7 @@
 #include <sys/msgbuf.h>
 #include <sys/random.h>
 #include <sys/signalvar.h>
+#include <sys/fcntl.h>
 
 #include <machine/frame.h>
 #include <machine/psl.h>
@@ -138,7 +139,7 @@
         switch (minor(dev)) {
         case 0:
         case 1:
- if (securelevel >= 1)
+ if ((flags & FWRITE) && securelevel > 0)
                         return (EPERM);
                 break;
         case 32:

anyway, top(1) now works on my box with securelevel at 2.

thanks again to bright.

-brian

On Tue, Sep 25, 2001 at 02:07:01AM -0500, Alfred Perlstein wrote:
> without this top(1) fails on machines with raised securelevel.
>
> can anyone review/comment?
>
> Reported by: brian j. peterson <rbw@myplace.org>
>
> Index: mem.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v
> retrieving revision 1.19.2.3
> diff -u -r1.19.2.3 mem.c
> --- mem.c 2000/05/14 00:29:44 1.19.2.3
> +++ mem.c 2001/09/25 06:55:30
> @@ -138,7 +138,7 @@
> switch (minor(dev)) {
> case 0:
> case 1:
> - if (securelevel >= 1)
> + if ((flags & FWRITE) && securelevel > 0)
> return (EPERM);
> break;
> case 32:
>
>
> --
> -Alfred Perlstein [alfred@freebsd.org]
> 'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-alpha" in the body of the message 

-- 
--===-----=======-----------=============-----------------===================
    rbw aka bjp        |   and did you exchange a walk on part in the war
    rbw@myplace.org    |   for a lead role in a cage?
===================-----------------=============-----------=======-----===--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re[2]: Kernel-loadable Root Kits
    ... > Would you care to point out how I could lower the securelevel then ... > for legitimate use of the system by ... rc.conf) you must start in single user mode after the reboot. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • RE: Running X in securelevels > 0 ?
    ... But the problem is that the securelevel is not ... " 1 Secure mode - the system immutable and system append-only flags ... But I was talking to an OpenBSD user over the weekend who said that 2.7 ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: Differences on Securelevels?
    ... is there any place on the Internet that I can read up on ... > the differences with securelevel? ... FreeBSD: The Power To Serve - http://www.FreeBSD.org ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: setting time without changing securelevel
    ... I run NTP through cron, but whenever it tries to change the ... > have to run at a lower securelevel, but only to allow changing the time. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: KLD detectors
    ... of tools out there to bypass the securelevel restriction. ... Scroll down to "securelevel bypass": ... Most of my machines are remote, ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)