Re: Misc Fixes

Robey Pointer (robey@netcom.com)
Wed, 10 Jul 1996 11:20:20 -0700 (PDT)


Zefram said this, and I just had to respond:
>
> >Tried getting this patch through during 1.3; Linus rejected it as making
> >it too easy for modules to circumvent securelevel. The fix he wanted was
> >to write a functional interface so that it would be possible for ext2 to
> >obtain the current securelevel settings, without being able to set it.
[...]
> A function such as you describe will effectively give away the address
> of securelevel to malicious code (it knows where the function is and
> doesn't need to do as much as a disassembly), but will still hinder
> legitimate code. The obvious solution is to disallow loading/unloading
> of modules at a sufficiently high securelevel.

Not to jump in or anything, but...
How about a small kernel function to return the current securelevel value?
int get_securelevel();
Then export THAT to modules.

Robey
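
The two proposals in this thread (a read-only accessor exported to modules, and refusing module load/unload at a high securelevel), sketched as an added example; it is a user-space model, not part of the original message and not kernel source. Assumptions: `raise_securelevel()`, `module_change_permitted()`, `fs_protected_change_permitted()` and the `MODULE_LOCK_LEVEL` threshold are hypothetical names and values, and the raise-only rule is assumed.

```c
#include <errno.h>
#include <stdio.h>

/* File-scope static: no symbol is exported for the variable itself, so
 * the only supported access path is through the functions below. */
static int securelevel = 0;

/* The read-only accessor proposed in the message; this is the symbol
 * that would be exported to modules instead of the variable. */
int get_securelevel(void)
{
    return securelevel;
}

/* Hypothetical core-only setter (assumption): the level may only rise. */
int raise_securelevel(int new_level)
{
    if (new_level < securelevel)
        return -EPERM;
    securelevel = new_level;
    return 0;
}

/* Assumed threshold for "sufficiently high"; the thread gives no value. */
#define MODULE_LOCK_LEVEL 1

/* Hypothetical gate for the quoted suggestion: refuse module
 * load/unload once the level reaches the threshold. */
int module_change_permitted(void)
{
    return get_securelevel() >= MODULE_LOCK_LEVEL ? -EPERM : 0;
}

/* Hypothetical consumer standing in for a filesystem module such as
 * ext2: it needs to read the level but never to write it. */
int fs_protected_change_permitted(void)
{
    return get_securelevel() > 0 ? -EPERM : 0;
}

int main(void)
{
    printf("level=%d module_change=%d\n", get_securelevel(), module_change_permitted());
    raise_securelevel(1);
    printf("level=%d module_change=%d\n", get_securelevel(), module_change_permitted());
    printf("lowering to 0 -> %d\n", raise_securelevel(0));
    return 0;
}
```

The accessor keeps well-behaved modules from writing the level by accident; as the quoted reply points out, it does not by itself constrain code already running in the kernel's address space, which is what the load/unload gate addresses.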