[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Rationale for allowing mount_mfs in securelevel 2?

I have been recently thinking about trade-offs involved in running
servers at the securelevel 2.  In securelevel 2, it is possible to mount
a MFS over an arbitrary disk directory and create arbitrary files in it,
including those that have system immutable flags set in the original
(disk) filesystem.  This would essentially allow an attacker to
circumvent the system immutable flag until the reboot.

My question is then this: what is the rationale, if any, for allowing
mount_mfs in securelevel 2?  

Not that it is a big deal (as MFS can be disabled in the kernel IIRC), I
am just wondering if I am perhaps misunderstanding the concept of
securelevel and protections allowed by it.

I searched both mailing list archives and Google, but couldn't find
anything relevant.  Feel free to point me to earlier discussions on the
subject, if there were any.

Roman Rodyakin.

Visit your host, monkey.org