Re: [ADVISORY] 4.4BSD Securelevels

Thomas H. Ptacek (tqbf@enteract.com)
Wed, 25 Jun 1997 18:10:40 -0500

> to point out that this change is insufficient, in that it does not
> protect writes to the init process's registers. This is rather easy

Mr. Hannum, after reading your code, I cannot see how this is the case.

Our patch disallows any write access to any procfs file associated with
PID 1 in securelevels above 0. Your patch disallows write access
specifically to regs, floating point regs, and memory - nothing else.

Could you be more specific as to (exactly) how our patch is inadequate?

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"