Re: [ADVISORY] 4.4BSD Securelevels

Cy Schubert - ITSD Open Systems Group (cschuber@uumail.gov.bc.ca)
Wed, 25 Jun 1997 10:01:38 -0700

> ----------------------------------------------------------------------------
>
> OpenBSD Security Advisory
>
> June 24, 1997
>
> Vulnerability in 4.4BSD procfs
>

> ----- cut here -----
>
> *** sys/miscfs/procfs/procfs_subr.c Tue Jun 24 15:56:02 1997
> --- sys-old/miscfs/procfs/procfs_subr.c Tue Jun 24 15:55:06 1997
> ***************
> *** 1,3 ****
> ! /* $OpenBSD: procfs_subr.c,v 1.5 1997/04/06 07:00:14 millert Exp $ */
> /* $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
*/
>
> --- 1,3 ----
> ! /* $OpenBSD: procfs_subr.c,v 1.6 1997/06/21 12:19:45 deraadt Exp $ */
> /* $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
*/
>
> ***************
> *** 222,225 ****
> --- 222,228 ----
> if (p == 0)
> return (EINVAL);
> + /* Do not permit games to be played with init(8) */
> + if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
> + return (EPERM);
>
> switch (pfs->pfs_type) {
>
> ----- cut here -----

Though I cannot think of any exploits at the moment, I would probably be
more conservative and include the pagedaemon and swapper processes, PID's 2
and 3, as well.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
UNIX Support OV/VM: BCSC02(CSCHUBER)
ITSD BITNET: CSCHUBER@BCSC02.BITNET
Government of BC Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
Cy.Schubert@gems8.gov.bc.ca

"Quit spooling around, JES do it."