securelevel is too secure?

Daniel Schepler (daniel@shep13.wustl.edu)
Wed, 10 Apr 1996 20:20:10 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Doug Ledford: "Linux-1.2.14-Unofficial"
Previous message: Denis V. Lunev: "WANTED: Intel EtherExpress Pro 10/100B driver"

I just got curious to see the securelevel work, and eventually found
that there was no way I could change it, either by _sysctl or the
/proc/sys/kernel/securelevel file. Looking at kernel/sysctl.c, I
think the problem is that permission checks are performed in addition
to calling the strategy function which checks that either pid==1 or
the securelevel is increasing, but the entry is marked as mode 444.
(I think there's good reason for this mode too, because the proc
interface doesn't seem to check with this strategy function before
making a change -- and it looks like it would be hairy to change
this.) Anyway, I got an EPERM when I tried to run my small program,
even running as root and trying to increase the securelevel to 1.

-- 
Daniel Schepler                         The distinguishing mark of an
daniel@frobnitz.wustl.edu               idiot is that he never thinks
http://www.artsci.wustl.edu/~dkschepl   he is one.

Next message: Doug Ledford: "Linux-1.2.14-Unofficial"
Previous message: Denis V. Lunev: "WANTED: Intel EtherExpress Pro 10/100B driver"