Re: ext2 attribute immutable

Matthias Urlichs (
Tue, 2 Apr 1996 15:01:51 +0100

In, article <>, writes:
> On Fri, 29 Mar 1996 19:52:32 -0800 (PST), Snow Cat
> <> said:
> > So, how does one need to modify /proc/1/mem to decrease the secure-=
> > after getting root access? :)
> You don't need to. You can just do a ptrace() on init, or create you=
> OWN init process --- by using a careful, controlled fork bomb we can
> easily create new processes until we are about to wrap pid, then kill
> init and wait until one of our forks has a pid of 1.
You cannot call ptrace() on init. You cannot kill init (the kernel
prevents deadly signals to be delivered to init). You cannot loop aroun=
to pid 1 because (a) PIDs restart at 100 and (b) init stays around as a
zombie process because its father process (PID 0) never waits for it.

> A complete security mechanism, capable of defeating even a
> root attack, has GOT to be more complex than Linux can currently
> achieve. There's nothing new about this!
_That_ is quite obvious. IMHO, the best way out of this is to implement
ACLs so that we don't need root. No root-capable process on the system =
no security problems caused by root. Easy, isn't it? ;-) ;-) ;-)

> However, one thing which could be done fairly easily would be to (a)
> protect init from all attacks, making it immune to ptrace, kill -9
> etc
Surprise -- that is already in the kernel.

> and (b) disable all direct kernel access (such as /dev/mem or
> loading new kernel modules) once securelev is sufficiently high.

Movies keep getting more explicit; these days a "family film" is likely
to show you how to start one.
-- Sandy Teller
Matthias Urlichs \ XLink-POP N=FCrnberg | EMail: urlichs@smurf.=
Schleiermacherstra=DFe 12 \ Unix+Linux+Mac | Phone: ...please use =
90491 N=FCrnberg (Germany) \ Consulting+Networking+Programming+etc'i=
ng 42
PGP: 1B 89 E2 1C 43 EA 80 44 15 D2 29 CF C6 C7 E0 DE=20
Click <A HREF=3D"">here</A>.