[4800] in bugtraq
Re: [ADVISORY] 4.4BSD Securelevels
daemon@ATHENA.MIT.EDU (Thomas H. Ptacek)
Wed Jun 25 21:46:43 1997
Date: Wed, 25 Jun 1997 18:10:40 -0500
Reply-To: tqbf@enteract.com
From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM>
X-To: mycroft@GNU.AI.MIT.EDU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <c1k3eq6sywj.fsf@melange.gnu.ai.mit.edu> from "Charles M. Hannum"
at Jun 25, 97 07:30:18 am
> to point out that this change is insufficient, in that it does not
> protect writes to the init process's registers. This is rather easy
Mr. Hannum, after reading your code, I cannot see how this is the case.
Our patch disallows any write access to any procfs file associated with
PID 1 in securelevels above 0. Your patch disallows write access
specifically to regs, floating point regs, and memory - nothing else.
Could you be more specific as to (exactly) how our patch is inadequate?
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"
