Subject: kern/1967: securelevel should be patchable
To: None <gnats-bugs@gnats.netbsd.org>
From: John Hawkinson <jhawk@mit.edu>
List: netbsd-bugs
Date: 01/22/1996 01:23:22
>Number:         1967
>Category:       kern
>Synopsis:       securelevel should be patchable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 22 01:50:01 1996
>Last-Modified:
>Originator:     John Hawkinson
>Organization:
MIT SIPB
>Release:        Mon Jan 22 01:19:42 EST 1996
>Environment:
	
System: NetBSD lola-granola 1.1A NetBSD 1.1A (LOLA) #143: Sat Jan 13 01:51:04 EST 1996 mycroft@lola-granola:/afs/sipb.mit.edu/project/netbsd/dev/current-source/build/i386_nbsd1/sys/arch/i386/compile/LOLA i386


>Description:
	kern_sysctl declares securelevel without initializing it to zero
	if INSECURE is not defined. This means that it gets allocated out
	of the bss and is thus not patchable.

	Lately a number of users in our environment have been requesting
	specialized kernels and it's generally more efficient and less time-
	consuming to patch our existing distribution kernels rather than
	recompile. Unfortunately, for those who require INSECURE, this is
	not trivial.

	Some may make the argument that securelevel should not be patchable
	for just this reason. The counter argument is that such people should
	mark their kernels immutable, and consider adding options SECURE
	which reverts the declaration to its current state.

>How-To-Repeat:
	echo "set securelevel=-1" | gdb -k -w /netbsd
>Fix:

*** kern_sysctl.c.dist	Mon Jan 22 01:18:07 1996
--- kern_sysctl.c	Mon Jan 22 01:18:27 1996
***************
*** 188,194 ****
  #ifdef INSECURE
  int securelevel = -1;
  #else
! int securelevel;
  #endif
  
  /*
--- 188,194 ----
  #ifdef INSECURE
  int securelevel = -1;
  #else
! int securelevel = 0;
  #endif
  
  /*
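Review bot: the changed line `int securelevel = 0;` in the `#else` branch needs a comment saying the explicit zero initializer is deliberate. It looks redundant in C and is likely to be dropped in a later cleanup, which would silently move the variable back into the bss. Whether a zero-initialized variable lands in initialized data rather than bss is also toolchain behaviour, not a language guarantee, so it is worth confirming with each port's compiler. The description proposes an `options SECURE` opt-out that keeps the uninitialized declaration, but this hunk has no `#ifdef SECURE` branch, so every non-INSECURE kernel becomes patchable on disk with no way to decline. Consider adding that branch in the same change.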
>Audit-Trail:
>Unformatted: