Bypassing Secure Level 1 in 4.4BSD Derivatives
In 4.4BSD derivatives, there are four secure levels that provide for added filesystem security. Part of the secure levels are the system of file flags which include immutable and append-only flags. In secure level 0, these flags are irrelevant. The vulnerability lies in the inherent flaw with security level 1. In security level 1, the file flags are acknowledged; however, umounted partitions/devices can be freely written to and modified by root. Stealth has written a tool which allows for an intruder who has gained root to bypass security level 1 through writing directly to the device and clearing the file flags. The tool also sets the CLEAN flag in the filesystem which fools the computer into thinking the modified device is clean avoiding detection at bootup.