Bug 230798 - security/kernel possible to bypass kern.securelevel and immutable flags (chflags)
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 10.4-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2018-08-21 13:37 UTC by sielaq
Modified: 2018-08-21 15:35 UTC

Description sielaq 2018-08-21 13:37:54 UTC
Scenario:

  Having applied "paranoia mode" 

  kern.securelevel: 1

  and even special chflags immutable flags
  and having nullfs loaded 

  nullfs_load="YES"

It is possible to bind the files with
mount_nullfs to cover the existing config or binaries.

Not sure if this is a bug or feature...
just in case raising it.
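
A detection-side check for the condition described in the report, as an added example that is not part of the original bug report: it reads an fstab(5)-format mount listing (what `mount -p` prints on FreeBSD) and flags nullfs mounts that sit on, above, or inside paths an administrator expects to stay protected. The `PROTECTED` list, the function names and the sample mount lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report): flag nullfs mounts that cover
# protected paths. Input is fstab(5)-format text, as printed by `mount -p`.

# Hypothetical list of paths the administrator protects with schg; adjust locally.
PROTECTED="/etc/rc.conf /etc/pf.conf /bin /sbin /usr/local/etc"

# Reads fstab-format lines on stdin and prints "source -> mountpoint (path)"
# for each nullfs mount that sits on, above, or inside a protected path.
find_nullfs_covers() {
    awk -v protected="$PROTECTED" '
        BEGIN { n = split(protected, p, " ") }
        $3 == "nullfs" {
            mp = $2
            for (i = 1; i <= n; i++) {
                if (mp == p[i] || mp == "/" ||
                    index(p[i], mp "/") == 1 ||   # mount above the path
                    index(mp, p[i] "/") == 1) {   # mount inside the path
                    printf "%s -> %s (%s)\n", $1, mp, p[i]
                    break
                }
            }
        }'
}

# Constructed sample in `mount -p` layout (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/ada0p2		/			ufs	rw	1 1
devfs			/dev			devfs	rw	0 0
/tmp/shadow		/usr/local/etc		nullfs	rw	0 0
/home/build/obj		/usr/obj		nullfs	rw	0 0
/var/tmp/x		/bin/sh			nullfs	ro	0 0
EOF
}

# On a live FreeBSD host: mount -p | find_nullfs_covers
sample_mounts | find_nullfs_covers
```

Run from cron or a monitoring agent, any output line is a nullfs mount worth reviewing against the expected mount table.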