[4797] in bugtraq
Re: [ADVISORY] 4.4BSD Securelevels
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Wed Jun 25 20:51:00 1997
Date: Wed, 25 Jun 1997 10:01:38 -0700
Reply-To: cschuber@uumail.gov.bc.ca
From: Cy Schubert - ITSD Open Systems Group <cschuber@UUMAIL.GOV.BC.CA>
X-To: tqbf@enteract.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 24 Jun 1997 18:49:44 CDT."
<199706242349.SAA15385@enteract.com>
> ----------------------------------------------------------------------------
>
> OpenBSD Security Advisory
>
> June 24, 1997
>
> Vulnerability in 4.4BSD procfs
>
> ----- cut here -----
>
> *** sys/miscfs/procfs/procfs_subr.c Tue Jun 24 15:56:02 1997
> --- sys-old/miscfs/procfs/procfs_subr.c Tue Jun 24 15:55:06 1997
> ***************
> *** 1,3 ****
> ! /* $OpenBSD: procfs_subr.c,v 1.5 1997/04/06 07:00:14 millert Exp $ */
> /* $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
*/
>
> --- 1,3 ----
> ! /* $OpenBSD: procfs_subr.c,v 1.6 1997/06/21 12:19:45 deraadt Exp $ */
> /* $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
*/
>
> ***************
> *** 222,225 ****
> --- 222,228 ----
> if (p == 0)
> return (EINVAL);
> + /* Do not permit games to be played with init(8) */
> + if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
> + return (EPERM);
>
> switch (pfs->pfs_type) {
>
> ----- cut here -----
Though I cannot think of any exploits at the moment, I would probably be
more conservative and include the pagedaemon and swapper processes, PID's 2
and 3, as well.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
UNIX Support OV/VM: BCSC02(CSCHUBER)
ITSD BITNET: CSCHUBER@BCSC02.BITNET
Government of BC Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
Cy.Schubert@gems8.gov.bc.ca
"Quit spooling around, JES do it."
