Re: [ADVISORY] 4.4BSD Securelevels

[cschuber () uumail gov bc ca (Cy Schubert - ITSD Open Systems Group)]

> ----------------------------------------------------------------------------
>
>                         OpenBSD Security Advisory
>
>                               June 24, 1997
>
>                       Vulnerability in 4.4BSD procfs

> ----- cut here -----
>
> *** sys/miscfs/procfs/procfs_subr.c     Tue Jun 24 15:56:02 1997
> --- sys-old/miscfs/procfs/procfs_subr.c Tue Jun 24 15:55:06 1997
> ***************
> *** 1,3 ****
> ! /*    $OpenBSD: procfs_subr.c,v 1.5 1997/04/06 07:00:14 millert Exp $ */
>   /*    $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
   */
> --- 1,3 ----
> ! /*    $OpenBSD: procfs_subr.c,v 1.6 1997/06/21 12:19:45 deraadt Exp $ */
>   /*    $NetBSD: procfs_subr.c,v 1.15 1996/02/12 15:01:42 christos Exp $
   */
> ***************
> *** 222,225 ****
> --- 222,228 ----
>         if (p == 0)
>                 return (EINVAL);
> +       /* Do not permit games to be played with init(8) */
> +       if (p->p_pid == 1 && securelevel > 0 && uio->uio_rw == UIO_WRITE)
> +               return (EPERM);
>
>         switch (pfs->pfs_type) {
>
> ----- cut here -----

Though I cannot think of any exploits at the moment, I would probably be
more conservative and include the pagedaemon and swapper processes, PID's 2
and 3, as well.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber () uumail gov bc ca
                                       cschuber () bcsc02 gov bc ca
                                       Cy.Schubert () gems8 gov bc ca

                "Quit spooling around, JES do it."