[nycbug-talk] kernels

Roland C. Dowdeswell elric
Thu Jun 3 19:02:12 EDT 2004


On 1086302515 seconds since the Beginning of the UNIX epoch
Bob Ippolito wrote:
>

>Well, I know that root isn't ring 0, but you can do a whole lot of 
>nasty stuff like rewrite the boot loader and reboot, or read/write 
>memory in other processes, shutdown the machine, wipe the partition 
>table, etc.  I'm not familiar enough with the implementation of the 
>*BSDs to know whether or not they try and disable any of these things 
>given an appropriate security setting.

They do.  At a high enough securelevel, you cannot write to disks
except through the file-system code, and cannot upgrade read-only
mounts to read-write mounts, etc., etc.  You can still do a reasonable
amount of damage, but if the system is set up with some level of care
it can be difficult to compromise---that is, either by careful use of
immutable flags, or by simply mounting most of the file-systems
read-only.

Of course you can shutdown the machine, but that's not much of a
problem.

Securelevel 2 is a relatively specialised setup and doesn't make
sense for end-user machines.  It's mostly useful for servers that
need to be highly secure.

One of the major problems is that the XF86 people insist that they
need to have direct access to the PCI bus, and hence you cannot
increase the securelevel beyond 0 if you want to run X, which is a
little unfortunate.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
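
As an added example (not code from this thread, nor from NetBSD's own tooling), the script below turns the hardening the post describes into a reviewable plan for a *BSD server: mount most file systems read-only, mark system directories immutable with `schg`, and raise the securelevel at boot, refusing the combination the post warns about (securelevel above 0 on a host that must run X). The fstab lines, directory list and rc.conf spelling (`securelevel=`, NetBSD style) are assumptions; only the plan functions run on a non-BSD host, and the apply path is guarded so it runs on NetBSD alone.

```shell
#!/bin/sh
# Added example for the nycbug-talk discussion above; not code from the thread.
# It scripts the hardening the post describes: read-only mounts, immutable
# system directories, and a boot-time securelevel. "plan" mode only prints;
# "apply" mode assumes NetBSD (chflags(1), rc.conf securelevel=) and is guarded.

# Rewrite fstab(5) text from stdin so every mount point listed in $1 (space
# separated) is mounted read-only: "rw" in the options field becomes "ro",
# and if the field names neither, "ro" is prepended. Other mount points,
# comments and blank lines pass through untouched.
fstab_readonly() {
    awk -v want="$1" '
        BEGIN { n = split(want, list, " "); for (i = 1; i <= n; i++) ro[list[i]] = 1 }
        /^[[:space:]]*#/ || NF == 0 { print; next }
        ($2 in ro) {
            nopt = split($4, opt, ","); out = ""; seen = 0
            for (i = 1; i <= nopt; i++) {
                if (opt[i] == "rw") opt[i] = "ro"
                if (opt[i] == "ro") seen = 1
                out = out (i > 1 ? "," : "") opt[i]
            }
            $4 = seen ? out : "ro," out
        }
        { print }
    '
}

# The post's caveat: XFree86 wants direct PCI access, so a host that must run
# X cannot go above securelevel 0. Refuse a plan that asks for both.
# $1 = requested securelevel (0, 1 or 2, the values discussed in the post),
# $2 = "yes" if X has to run on this host.
securelevel_check() {
    level=$1; needs_x=$2
    case $level in
        0|1|2) ;;
        *) echo "securelevel must be 0, 1 or 2" >&2; return 2 ;;
    esac
    if [ "$level" -gt 0 ] && [ "$needs_x" = yes ]; then
        echo "securelevel $level is incompatible with running X on this host" >&2
        return 1
    fi
    return 0
}

# Emit the chflags(1) commands that make each argument immutable (schg), so
# that once the securelevel is raised, root can no longer alter or replace it.
immutable_plan() {
    for d in "$@"; do printf 'chflags -R schg %s\n' "$d"; done
}

# rc.conf(5) fragment that raises the securelevel at boot (NetBSD variable
# name; FreeBSD spells it kern_securelevel_enable/kern_securelevel instead).
rc_conf_fragment() {
    printf 'securelevel=%s\n' "$1"
}

# $1 = plan (default) or apply, $2 = target securelevel (default 2).
# The fstab text and directory list below are constructed stand-ins.
main() {
    mode=${1:-plan}; level=${2:-2}
    securelevel_check "$level" no || exit $?
    echo "# 1. read-only mounts (proposed fstab)"
    printf '/dev/wd0a\t/\tffs\trw\t1 1\n/dev/wd0e\t/usr\tffs\trw\t1 2\n' | fstab_readonly "/usr"
    echo "# 2. immutable system directories"
    immutable_plan /bin /sbin /usr/bin /usr/sbin /netbsd
    echo "# 3. boot-time securelevel"
    rc_conf_fragment "$level"
    if [ "$mode" = apply ]; then
        [ "$(uname -s)" = NetBSD ] || { echo "apply mode assumes NetBSD" >&2; exit 3; }
        fstab_readonly "/usr" < /etc/fstab > /etc/fstab.readonly   # review, then move into place
        immutable_plan /bin /sbin /usr/bin /usr/sbin /netbsd | sh
        rc_conf_fragment "$level" >> /etc/rc.conf
    fi
}

main "$@"
```

Run it with no arguments to see the plan; `apply 2` performs it on a NetBSD host. The order matters on a real system: set the immutable flags and the read-only mounts first, because once the securelevel is up, the flags can no longer be cleared and read-only mounts can no longer be upgraded, which is exactly the protection the post describes.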