> In linux.dev.kernel, article <199607101820.LAA08825@netcom.netcom.com>,
> robey@netcom.com (Robey Pointer) writes:
> >
> > How about a small kernel function to return the current securelevel value?
> > int get_securelevel();
> > Then export THAT to modules.
> >
> The problem is that any truly malicious module can get the address of that
> function, look for the addresss of the securelevel variable, dereference
> that, and set it to zero.
>
> Duh.
(clip)
(I'm generally ignorant about securelevel but ..)
Couldn't the securelevel shown to a module be a different variable than the
real securelevel? Ie have a function copy the securelevel into a visible
variable, but have the kernel keep it's own copy that actually is used to
determine behavior, (possibly testing to see if the two values disagree)?
__kmb203@psu.edu_________________________Debian__1.1___Linux__2.0.5___
Pascal, n.: A programming language named after a man who would turn over in
his grave if he knew about it.