Re: Misc Fixes

Zefram (A.Main@dcs.warwick.ac.uk)
Tue, 9 Jul 1996 17:23:13 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andude/Guild: "Re: proc delays"
Previous message: Linus Torvalds: "Re: Problems with compiling struct fd_set -- storage size isn't known"
In reply to: Theodore Y. Ts'o: "Re: Misc Fixes"
Next in thread: Alan Cox: "Re: Misc Fixes"

>Tried getting this patch through during 1.3; Linus rejected it as making
>it too easy for module to circumvent securelevel. The fix he wanted was
>write a functional interfaces so that it would be possible for ext2 to
>obtain the current securelevel settings, without being able to set it.

Unless I'm gravely mistaken about the nature of Linux modules, any
loaded module can *actually* modify securelevel -- or indeed do
anything that the current securelevel would normally prohibit --
regardless of this patch. The only difference is that without this
patch (a) a lot of things are not easily modularised and (b) it's
non-trivial to write a module to maliciously change the securelevel
(though still easy to do other nasty things).

A function such as you describe will effectively give away the address
of securelevel to malicious code (it knows where the function is and
doesn't need to do as much as a disassembly), but will still hinder
legitimate code. The obvious solution is to disallow loading/unloading
of modules at a sufficiently high securelevel.

-zefram

Next message: Andude/Guild: "Re: proc delays"
Previous message: Linus Torvalds: "Re: Problems with compiling struct fd_set -- storage size isn't known"
In reply to: Theodore Y. Ts'o: "Re: Misc Fixes"
Next in thread: Alan Cox: "Re: Misc Fixes"