Bug #1572

DFBSD 2.5.0 - securelevel not working?

Added by ahuete.devel about 5 years ago. Updated about 5 years ago.

Status:ClosedStart date:
Priority:HighDue date:
Assignee:tuxillo% Done:

0%

Category:-
Target version:-

Description

Hi all,

Maybe I'm doing something wrong, but securelevel(8) seems to be non-working.
I've done the following:

# grep secure /etc/rc.conf
kern_securelevel="2"
# sysctl kern.securelevel
kern.securelevel: 2
# ktrace ./od
Descriptor is 3
# kdump -f ./ktrace.out
...
892 od CALL open(0x8048687,O_RDWR,<unused>0x804977c)
892 od NAMI "/dev/da0s1d"
892 od RET open 3
...

I could open it for read-write! Following the definition in the
manpage for secure level 2:

"2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
user."

Am I missing something or securelevel is not working here?

Cheers,
Antonio Huete

History

#1 Updated by alexh about 5 years ago

Is anything else related to securelevel not working? I might have broken
something related to that when rewriting the disk subsystem.
Am a bit busy at the time, so I won't be able to look at it for a few days.

Cheers,
Alex Hornung

#2 Updated by tuxillo about 5 years ago

Hi,

Can you please review this commit? It fixes the issue here, but maybe I'm
missing something.

http://gitweb.dragonflybsd.org/~tuxillo/dragonfly.git/commit/890fd790e7c4db3805995b2f77c4392e95062b02

#3 Updated by tuxillo about 5 years ago

#4 Updated by tuxillo about 5 years ago

Committed a fix in d894b0eb3f9e4c41a183cdbfa6c59de4208958a4

#5 Updated by thomas.nikolajsen about 5 years ago

Update status; issue fixed, as noted in prev. msg.

Also available in: Atom PDF