> Securelevel is supposed to be one way in all respects. So it disables access
> to raw block devices, to mmap on /dev/*mem and all other known paths root could
> use to change it indirectly back (eg ioperm/iopl)
The interesting statement (and the challenge) is the quote "all other
known paths". If any cunning people out there can think of other,
not-covered ways that root can subvert the kernel, please get in touch
with me, or Alan, or the list etc.
This work isn't relevant to just securelevel - it is vital for
capabilities too.
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/