Subject: Re: The reason for securelevel
To: Jachym Holecek <firstname.lastname@example.org>
From: None <email@example.com>
Date: 01/28/2006 16:32:24
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, Jan 28, 2006 at 03:49:57PM +0100, Jachym Holecek wrote:
> Why should the administrator be prohibited from editing the file
> once the policy is in effect (unless that is explicitly asked for)?
> That sounds counter-intuitive.
Glimpse of a possible security issues. Securelevel is usually put to
effect automatically during the boot time. Then, IF a breach nevertheless
occurs, an attacker can change the securelevel file and a weakened policy
takes effect on the next boot. It is a VERY far-fetched scenario but it is
loosely analogous to not being able to lower the numeric securelevel.
Anyway, it looked like a security issue, but now, after I've given it
more thought, it doesn't make things more secure (the hypothetical attacker
can just edit startup scripts and disable the loading of securelevel policy
in the first place).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----