Re: Real-time alarms

Steve (sreidsea-to-sky.net)
Mon, 20 Sep 1999 16:33:04 -0700

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Crist J. Clark: "Re: ipfw and syslogd"
• Previous message: Brad Knowles: "Re: Out of mbuf clusters"
• In reply to: Wes Peters: "Re: Out of mbuf clusters"
• Next in thread: Nate Williams: "Re: Real-time alarms"

On Mon, Sep 20, 1999 at 12:10:34PM -0400, Robert Watson wrote:
> One thing I am particularly interested in seeing brought to fruition is a
> way to protect key system security processes from interference--from any
> other user process, even one running as root. This might be similar to
> the jail code--the world being in a jail and only processes such as auditd
> (possibly init?) outside of it. Processes would be unable to attach
> debuggers to protected processes while securelevel was set above a certain
> value, and limited in their ability to signal the processes, etc.

Init used to be able to lower the securelevel and for that reason had
(and still has?) some kernel code protecting it. IIRC, it was decided
that Init's ability to lower the securelevel be revoked after it was
discovered that the protections did not take cover procfs.

The protections may still be in the kernel and might be adapted to
protect other processes.

Also, although you can signal Init, if it dies for any reason the
system will reboot. This might be useful for security-related
monitoring processes as well.

Sorry, I don't have code... Not a kernel hacker.

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Crist J. Clark: "Re: ipfw and syslogd"
• Previous message: Brad Knowles: "Re: Out of mbuf clusters"
• In reply to: Wes Peters: "Re: Out of mbuf clusters"
• Next in thread: Nate Williams: "Re: Real-time alarms"

This archive was generated by hypermail 2.0b3 on Mon Sep 20 1999 - 18:27:35 CDT