Bug #1572
closed
DFBSD 2.5.0 - securelevel not working?
0%
Description
Hi all,
Maybe I'm doing something wrong, but securelevel(8) seems to be non-working.
I've done the following:
- grep secure /etc/rc.conf
kern_securelevel="2" - sysctl kern.securelevel
kern.securelevel: 2 - ktrace ./od
Descriptor is 3 - kdump -f ./ktrace.out
...
892 od CALL open(0x8048687,O_RDWR,<unused>0x804977c)
892 od NAMI "/dev/da0s1d"
892 od RET open 3
...
I could open it for read-write! Following the definition in the
manpage for secure level 2:
"2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user."
Am I missing something or securelevel is not working here?
Cheers,
Antonio Huete
Updated by alexh over 14 years ago
Is anything else related to securelevel not working? I might have broken
something related to that when rewriting the disk subsystem.
Am a bit busy at the time, so I won't be able to look at it for a few days.
Cheers,
Alex Hornung
Updated by tuxillo over 14 years ago
Hi,
Can you please review this commit? It fixes the issue here, but maybe I'm
missing something.
Updated by tuxillo over 14 years ago
Changed to use securelevel variable instead functions as requested:
http://gitweb.dragonflybsd.org/~tuxillo/dragonfly.git/commitdiff/e75e8e20f0e608a6fb105403569e71bdcae09f9e
Updated by tuxillo over 14 years ago
Committed a fix in d894b0eb3f9e4c41a183cdbfa6c59de4208958a4
Updated by thomas.nikolajsen over 14 years ago
Update status; issue fixed, as noted in prev. msg.