Subject: Re: LKM's shouldn't be allowed to be loaded in multiuser mode.
To: Bakul Shah <firstname.lastname@example.org>
From: matthew green <email@example.com.OZ.AU>
Date: 03/21/1995 09:20:06
> Checkout chflags and what these offer. It is possible to *stop*
> people modifying the kernel, /etc/rc*, in multiuser mode already.
> For proof of this, create a file in /tmp, set the schg flag and try
> remove the file. Try rebooting, and see what happens when something
> tries to remove it whilst cleaning /tmp on reboot.
142: touch /tmp/foo
143: chflags uchg /tmp/foo
144: rm -f /tmp/foo
rm: /tmp/foo: Operation not permitted
145: mv -f /tmp/foo /tmp/bar
mv: rename /tmp/foo to /tmp/bar: Operation not permitted
146: touch /tmp/xx
147: mv -f /tmp/xx /tmp/foo
mv: rename /tmp/xx to /tmp/foo: Operation not permitted
So far so good. But....
148: chflags nouchg /tmp/foo
149: rm /tmp/foo
150: ls /tmp/foo
ls: /tmp/foo: No such file or directory
I didn't try the super-user version so may be this hole is filled.
[Besides, it does say this call is under development:-)]
Any way, I have said what I wanted to on this topic so I
will shut up now.
what was your securelevel for this ? if it was > 0, then this is
a security bug that should have been fixed a long time ago.