Bugtraq mailing list archives
Re: Unprivilegued settings for FreeBSD kernel variables
From: Christian Ullrich <chris () chrullrich de>
Date: Fri, 18 Jun 2004 20:01:49 +0200
* Eygene A. Ryabinkin wrote on Thursday, 2004-06-17:
On Tue, Jun 15, 2004 at 09:01:13PM +0200, Dag-Erling SmÞrgrav wrote:
I've already told you that there is no such threat, since the attack you describe can only be initiated by someone who already has unrestricted access. Please stop wasting everybody's time.
You are wrong. Unrestricted access means _really unrestricted_ and kernel securelevel restricts access to certain places even to root.
Quite correct.
IMHO, it's dagerous bug, because some administrators can think "...hmm, I've enabled the hardest securelevel and even if a hacker would break into my host with r00t privileges he will be restricted in certain ways.
Correct as well.
But this bug changes things. One can lower securelevel, do some nasty things and raise it again _without reboots_. So, as I've already noted, you are wrong.
No. You CAN'T load or unload kernel modules if securelevel is > 0. To make your attack work, the attacker would have to have access to the system before it ever went to securelevel 1, 2 or 3, in order to load the very kernel module your attack requires. Since that almost certainly means that he had to be in the same room with the system, I think "can only be initiated by someone who already has unrestricted access" is completely correct. -- Christian Ullrich "There's nothing we can't face -- except for Bun-bun..."
Current thread:
- Unprivilegued settings for FreeBSD kernel variables Radko Keves (Jun 15)
- Re: Unprivilegued settings for FreeBSD kernel variables Dag-Erling Smørgrav (Jun 16)
- Re: Unprivilegued settings for FreeBSD kernel variables Eygene A. Ryabinkin (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Jason V. Miller (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Christian Ullrich (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Ivaylo Kostadinov (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Eygene A. Ryabinkin (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Manuel Bouyer (Jun 18)
- Re: Unprivilegued settings for FreeBSD kernel variables Valdis . Kletnieks (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Wietse Venema (Jun 22)
- Re: Unprivilegued settings for FreeBSD kernel variables Henning Brauer (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Valdis . Kletnieks (Jun 19)
- Re: Unprivilegued settings for FreeBSD kernel variables Jason V. Miller (Jun 21)
- <Possible follow-ups>
- Re: Unprivilegued settings for FreeBSD kernel variables blexim (Jun 20)
- Re: Unprivilegued settings for FreeBSD kernel variables Dag-Erling Smørgrav (Jun 16)