Re: Misc Fixes

Robey Pointer (
Wed, 10 Jul 1996 11:20:20 -0700 (PDT)

Zefram said this, and I just had to respond:
> >Tried getting this patch through during 1.3; Linus rejected it as making
> >it too easy for module to circumvent securelevel. The fix he wanted was
> >write a functional interfaces so that it would be possible for ext2 to
> >obtain the current securelevel settings, without being able to set it.
> A function such as you describe will effectively give away the address
> of securelevel to malicious code (it knows where the function is and
> doesn't need to do as much as a disassembly), but will still hinder
> legitimate code. The obvious solution is to disallow loading/unloading
> of modules at a sufficiently high securelevel.

Not to jump in or anything, but...
How about a small kernel function to return the current securelevel value?
int get_securelevel();
Then export THAT to modules.