Displaying 20 results from an estimated 39 matches for "securelevel".
1996 Nov 18
1
Chattr +i and securelevel
has anyone played with the securelevel variable in the kernel and the
immutable flags in the ext2 file system?
The only way I have found to change the flag is by
patching sched.c from
int securelevel=0
to int securelevel=1
The sysctrl code seems to allow the setting of the flag
only by init (PID=1) and only upwards (0->1, etc).
T...
2004 Feb 11
5
Question about securelevel
I've read about securelevel in the mailing list archive, and found some
pitfalls (and seems to me to be discarded soon).
But According to me, the following configuration should offer a good
security:
- mount root fs read only at boot;
- set securelevel to 3;
- do not permit to unmount/remount roots fs read-write (now it is...
2004 May 28
2
X & securelevel=3
running (4-Stable)
Hi,
short form question:
how does one run XDM under securelevel>0 ?
long version:
i've searched for an answer on how to run Xfree/Xorg at a securelevel
the X server likes access to /dev/io and some other resources but is not
granted access after security is switched on.
one way of doing it seems to be to start it before setting the securelevel, but
then...
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
> > systems which no longer seem to have this. This file contained an archive of
> > the trojan''s that were inserted into the compromised system - does anybody know
> > what is in these trojans?
>
> Check the Linux RootKit ... (LRK)..
>
> Typically LRK to use config-files.. (and typically LRK-users to place
> files in /dev.. find /dev -type f | grep -v
2006 Mar 01
3
Remote Installworld
I'm currently administering a machine about 1500mi from me with nobody
local to the machine to assist me. Anyways, my only access to this
machine is via SSH, no remote serial console or anything.
When I try to do a "make installworld" I end up with
install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not
permitted
very shortly thereafter. I cannot boot
1998 Mar 12
2
FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap
...Due to a 4.4BSD VM system problem, it is possible to memory-map
a read-only descriptor to a character device in read-write
mode.
III. Impact
The hole can be used by members of group kmem to gain superuser
privileges. It also allows the superuser to lower the system
securelevel.
IV. Workaround
No workaround is known.
V. Solution
Apply one of the following patches, rebuild your kernel,
install it and reboot your system.
The patches below can be found on
ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/
Patch for 3.0-current systems:
I...
2004 Sep 29
5
Kernel-loadable Root Kits
Thanks for the module, I think its a good idea to commit it to FreeBSD
for a few reasons:
1) Some folks just prefer more static kernels.
2) Securelevel is a great thing, but can be a pain to do upgrades around
remotely. [A lot of folks use FreeBSD simply because its a breeze to run
remotely].
3) Until someone writes code to add modules to a kernel via /dev/mem and
releases it to the script kiddie world, the bar has been effectively
raised for...
2010 Sep 06
2
MSIX failure
Hi all, I moved from 8.0-RELEASE to last week's -STABLE:
$ uname -v
FreeBSD 8.1-STABLE #0: Thu Sep 2 16:38:02 SAST 2010 root@XXXXX:/usr/obj/usr/src/sys/GENERIC
and all seems well except my network card is unusable. On boot up:
em0: <Intel(R) PRO/1000 Network Connection 7.0.5> port 0x3040-0x305f mem 0xe3200000-0xe321ffff,0xe3220000-0xe3220fff irq 10 at device 25.0 on pci0
em0: Setup
2000 Dec 18
0
FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs
...virtual machine, can overflow a
buffer in the kernel and bypass access control checks placed on the
abilities of the superuser. These include the ability to "break out"
of the jail environment (jail is often used as a compartmentalization
tool for security purposes), to lower the system securelevel without
requiring a reboot, and to introduce new (possibly malicious) code
into the kernel on systems where loading of KLDs (kernel loadable
modules) has been disabled.
III. Impact
1) On vulnerable FreeBSD 4.x systems where procfs is mounted,
unprivileged local users can obtain root privileges....
2003 May 24
1
ipfirewall(4)) cannot be changed
...nte /root cuaa1# man init |tail -n 130 |head -n 5
3 Network secure mode - same as highly secure mode, plus IP packet
filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
dummynet(4) configuration cannot be adjusted.
root@vigilante /root cuaa1# sysctl -a |grep secure
kern.securelevel: 3
root@vigilante /root cuaa1# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65535 44 3648 deny ip from any to any
root@vigilante /root cu...
2004 Jun 07
1
freebsd-security Digest, Vol 61, Issue 3
...>
> You can reach the person managing the list at
> freebsd-security-owner@freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
> 1. X & securelevel=3 (bofn)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 29 May 2004 05:43:23 +0200
> From: "bofn" <bofn@irq.org>
> Subject: X & securelevel=3
> To: freebsd-security@freebsd.org
> Message-ID:...
2003 May 09
2
Problem installing kernel in single usermode
Hi,
I'm running 4.8-STABLE but I'm having some problems installing a new
kernel.
(in /usr/src make installkernel).
mv /kernel /kernel.old operation not permitted
My securelevel is currently set to -1 (kern_securelevel=-1) and
kern_securelevel_enable="NO"
I have already executed chflags noschg /kernel and /kernel.old (while in
single user mode).
What am I missing?
Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime....
1996 Nov 21
2
Re: BOUNCE: Re: Chattr +i and securelevel
Alexander O. Yuriev wrote:
>
> Your message dated: Wed, 20 Nov 1996 18:04:39 EST
> > >has anyone played with the securelevel variable in the kernel and the
> > >immutable flags in the ext2 file system?
> >
> > Yes, and its actualy quite nice.
> >
> > >The sysctrl code seems to allow the setting of the flag
> > >only by init (PID=1) and only upwards (0->1, etc).
> >...
2004 Dec 16
2
Strange command histories in hacked shell server
...tamiraad
drwxr-xr-x 6 tsgan tsgan 1024 Dec 16 17:51 tsgan
drwx------ 4 tugstugi unix 512 Dec 13 20:34 tugstugi
drwxr-xr-x 5 unix unix 512 Dec 13 12:37 unix
...
User should log on as new with password new to create an account.
Accounting is enabled and kern.securelevel is set to 2.
Only one account 'tsgan' is in wheel group and only tsgan gan become root
using su.
Following is the some strange output from grave-robber (coroner toolkit):
...
Dec 13 04 20:18:40 5 m.c -rw-rw---- tugstugi
smmsp /var/spool/clientmqueue/dfiBDCIeD0001529
Dec 13 04 2...
2011 Nov 16
1
Starting X11 with kernel secure level greater than -1/0.
Hi, is there any chance (if yes, how to do this?) to use the xf86
driver which "provides access to the memory and I/O ports of a
VGA board and to the PCI configuration registers for use by
the X servers when running with a kernel security level greater
than 0" in FreeBSD*?
Then it will be possible to start X environment with a kernel
secure level > 0, right? Normally it is impossible
1997 May 25
5
signing syslog files with PGP
I am thinking about writing some sort of deamon which signs syslog
files with PGP.
This should help dedecting unauthorised changes in the syslog files.
What I have in mind works as follows:
Whenever a new line is added to a syslog file the existing syslog file
checked against the privious made signature. If the file passes this
test, the new line(s) is/are added. Then a new signature is
1996 Nov 14
1
Security hole in Debian 1.1 dosemu package
...eived: (from jimd@localhost) by antares.starshine.org (8.8.3/8.8.3) id QAA22488; Tue, 26 Nov 1996 16:53:20 -0800
From: Jim Dennis <jimd@starshine.org>
Approved: alex@bach.cis.temple.edu
Message-Id: <199611270053.QAA22488@antares.starshine.org>
Subject: Re: [linux-security] chattr +i and securelevel
To: linux-security@redhat.com
Date: Tue, 26 Nov 1996 16:53:19 -0800 (PST)
In-Reply-To: <199611210849.JAA00445@cave.et.tudelft.nl> from "Rogier Wolff" at Nov 21, 96 09:49:53 am
Content-Type: text
[Mod: Subject changed and a part about modules removed. Also, if people have
comments,...
2004 Feb 29
2
procfs + chmod = no go
Hello,
I was wondering if it was possible to limit user access on /proc
without having to use securelevels.
For some reason chmod 751 /proc (or 750) does nothing.
Is this possible on FreeBSD 4.9 ? Can't find anything about it in the
manual pages. Just want to prevent lusers from running:
for file in /proc/*/cmdline; do cat $file; echo; done
Greetz,
Jimmy Scott
2006 Dec 06
2
FreeBSD Security Advisory FreeBSD-SA-06:25.kmem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:25.kmem Security Advisory
The FreeBSD Project
Topic: Kernel memory disclosure in firewire(4)
Category: core
Module: sys_dev
Announced:
2006 Jan 26
7
strange problem with ipfw and rc.conf
...ets (it uses default ruleset
65335 locking out everything). I have to do "sh
/etc/ipfw.rules" in order to load the rulesets, once I
did that, I can access the box from remote locations
here is my rc.conf:
host# more /etc/rc.conf
network_interfaces="lo0 em0 dc0 rl0 plip0"
kern_securelevel="2"
kern_securelevel_enable="YES"
linux_enable="YES"
named_enable="YES"
nisdomainname="NO"
sshd_enable="YES"
usbd_enable="YES"
hostname="sis"
tcp_keepalive="YES"
tcp_extensions="YES"
ifconfig_em0=&qu...