Subject: Re: kern/1967: securelevel should be patchable
To: None <email@example.com>
From: James da Silva <firstname.lastname@example.org>
Date: 01/23/1996 22:02:48
> > Yes! Securelevel can be patched with a trivial program even when
> > originally in bss. The kernel needs to be immutable to avoid this.
> And so need the 'rc' scripts. If you can modify them, you can load a
> LKM that patches securelevel or otherwise defeats it (like the i386
> XFree86 aperture driver that I wrote...).
Ah. It follows then that _every_ binary and script run in single user mode
must be immutable, or there's little point to having securelevel 1.