> Hi,
>
> On Fri, 29 Mar 1996 19:52:32 -0800 (PST), Snow Cat
> <snowcat@math.csufresno.edu> said:
>
> > sct@dcs.ed.ac.uk once wrote:
> >>
> >> ... A non-zero securelev prevents even root from bypassing or
> >> removing the immutable (or the append-only) flag on an ext2 file.
> >>
> >> Not even root is allowed to decrease the securelev again. The only
> >> process ever allowed to decrement securelev is init.
>
> > So, how does one need to modify /proc/1/mem to decrease the secure-level
> > after getting root access? :)
>
> You don't need to. You can just do a ptrace() on init, or create your
> OWN init process --- by using a careful, controlled fork bomb we can
> easily create new processes until we are about to wrap pid, then kill
> init and wait until one of our forks has a pid of 1.
Does the kernel really reassign PID 1? What about a panic as soon as
PID 1 dies?
>
> The securelevel code is now fully implemented, but of course it is
> still insecure if there are other vulnerabilities in the security
> regime which permit arbitrary access to kernel memory or to the init
> process. A complete security mechanism, capable of defeating even a
> root attack, has GOT to be more complex than Linux can currently
> achieve. There's nothing new about this!
>
> However, one thing which could be done fairly easily would be to (a)
> protect init from all attacks, making it immune to ptrace, kill -9
> etc; and (b) disable all direct kernel access (such as /dev/mem or
> loading new kernel modules) once securelev is sufficiently high.
>
> Cheers,
> Stephen.
> --
> Stephen Tweedie <sct@dcs.ed.ac.uk>
> Department of Computer Science, Edinburgh University, Scotland.
Ulrich