Subject: LKM's shouldn't be allowed to be loaded in multiuser mode.
To: None <tech-kern@NetBSD.ORG>
From: matthew green <mrg@mame.mu.OZ.AU>
List: tech-kern
Date: 03/18/1995 15:15:27
i just changed my kern.securelevel from 1 to -1 by loading a
module that did that... just a simple change to roland
mcgrath's defeat-securelevel.c (it checks that secureleves is
not greater than 0) let me do this.
this makes securelevel worthless, as any root user can change
it and thus have full access to changing file flags, and any
thing else securelevel is supposed to `save'.
should lkm's be fixed not to be loadable during multiuser
mode?
.mrg.