Subject: Re: kern/1967: securelevel should be patchable
To: None <>
From: James da Silva <>
List: netbsd-bugs
Date: 01/23/1996 22:02:48
 I wrote:
 > > Yes!  Securelevel can be patched with a trivial program even when
 > > originally in bss.  The kernel needs to be immutable to avoid this.

 Matthieu wrote:
 > And so need the 'rc' scripts. If you can modify them, you can load a
 > LKM that patches securelevel or otherwise defeats it (like the i386
 > XFree86 aperture driver that I wrote...). 

Ah.  It follows then that _every_ binary and script run in single user mode
must be immutable, or there's little point to having securelevel 1.