A brief look at the Unix boot process.
init (/sbin/init) is the last stage of the Unix boot process. Its initialisation can be controlled from the system boot process itself. What's important to realise is that this program determines what level of security the system will have once it is up and running. OS X users take note: some of this may be important when it comes to file system management - consult the manual pages for further info.
Windows users can follow along for the ride - and learn a bit about how a real operating system 'operates'.
The Unix kernel can run with four different levels of security.
| Level | Mode | Description |
|---|---|---|
| -1 | Permanently insecure mode | The system is always run in level 0 mode (see below). |
| 0 | Insecure mode | Immutable and append-only flags may be turned off; all devices may be read and written to, subject to their permissions. |
| 1 | Secure mode | Immutable and append-only flags may not be changed; disks for mounted file systems, /dev/mem (raw memory) and /dev/kmem (raw kernel memory) are read-only; the system call to set the time of day may only advance the time, not regress it. |
| 2 | Highly secure mode | The same as secure mode, plus disks are always read-only whether mounted or not, precluding tampering with file systems by unmounting them, and also mounting new file systems, while the system is multi-user. |
Any superuser process can raise the security level, but only init can lower it. For those unfamiliar with the immutable and append-only flags: they are an additional layer of security above and beyond the ordinary file permissions, and once set they cannot be removed except under the special circumstances outlined above.
Unix cannot even boot if init cannot be found, or if it dies for some reason: if it is found and run but dies during its initialisation, the system reboots automatically; if it cannot be found at all, a panic is generated with the diagnostic 'panic: init died (signal XX, exit XX)', where 'XX' are the signal and exit codes.
It follows rather easily that there's security here for those who want it and even for those who would prefer to do without. And whilst a superuser as always has quite a lot of power, even these actions are strictly controlled.
File flags such as 'immutable' and 'append-only' come in two categories: system and user. Ordinary users can set the user flags; only the superuser can set the system flags.
| Value | Class | Flag |
|---|---|---|
| 00010000 | system | archived |
| 00020000 | system | immutable |
| 00040000 | system | append |
| 00000001 | user | no dump |
| 00000002 | user | immutable |
| 00000004 | user | append |
| 00000008 | user | opaque |
But as seen from the description of init, there are further hitches: flags that can only be reset in single-user mode, and optionally a superuser password required to boot the system in that fashion. All of this increases protection against tampering and contributes to the reputation for security that Unix is known for.
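The securelevel table and the flag table above describe a small set of rules that decide whether a flag change or a securelevel change is allowed. The following Python model is an added example, not code from the original article and not the kernel's own implementation: it decodes a chflags bitmask using the flag values tabulated above and applies only the rules the page states (system flags are superuser-only; immutable and append-only flags cannot be turned off once the securelevel is 1 or higher; level -1 behaves as level 0; anyone with superuser privilege can raise the securelevel but only init can lower it). The function names, the `PROTECTED` set and the sample scenarios are assumptions made for illustration.

```python
"""Model of the securelevel and file-flag rules described on this page.

Added example; not the article's code and not the real kernel checks.
"""

# Flag bit values as tabulated on the page (hex), split into the two classes.
SYSTEM_FLAGS = {
    0x00010000: "system archived",
    0x00020000: "system immutable",
    0x00040000: "system append",
}
USER_FLAGS = {
    0x00000001: "user no dump",
    0x00000002: "user immutable",
    0x00000004: "user append",
    0x00000008: "user opaque",
}
ALL_FLAGS = {**SYSTEM_FLAGS, **USER_FLAGS}

# Assumption for this model: the immutable and append-only flags of both
# classes are the ones the page says cannot be turned off at securelevel >= 1.
PROTECTED = {0x00020000, 0x00040000, 0x00000002, 0x00000004}


def decode_flags(mask: int) -> list[str]:
    """Return the names of every flag set in `mask`; reject unknown bits."""
    unknown = mask & ~sum(ALL_FLAGS)
    if unknown:
        raise ValueError(f"unknown flag bits: {unknown:#010x}")
    return [name for bit, name in sorted(ALL_FLAGS.items()) if mask & bit]


def check_chflags(current: int, requested: int, *, securelevel: int,
                  is_superuser: bool) -> tuple[bool, str]:
    """Decide whether changing a file's flags from `current` to `requested`
    is permitted under the page's rules. Returns (allowed, reason)."""
    effective = 0 if securelevel < 0 else securelevel   # -1 runs as level 0
    changed = current ^ requested                        # bits that would flip
    cleared = current & ~requested                       # bits being turned off
    if changed & sum(SYSTEM_FLAGS) and not is_superuser:
        return False, "system flags may only be changed by the superuser"
    if effective >= 1 and cleared & sum(PROTECTED):
        names = ", ".join(decode_flags(cleared & sum(PROTECTED)))
        return False, f"securelevel {securelevel}: cannot turn off {names}"
    return True, "permitted"


def check_securelevel_change(current: int, new: int, *, is_superuser: bool,
                             is_init: bool) -> tuple[bool, str]:
    """Superuser processes may raise the securelevel; only init may lower it."""
    if new == current:
        return True, "no change"
    if new > current:
        if is_superuser:
            return True, f"raised from {current} to {new}"
        return False, "only a superuser process may raise the securelevel"
    if is_init:
        return True, f"lowered from {current} to {new} by init"
    return False, "only init may lower the securelevel"


if __name__ == "__main__":
    # Constructed scenario: root tries to strip 'system immutable' from a
    # file, first on an insecure system and then after the level was raised.
    schg = 0x00020000
    print(decode_flags(schg | 0x00000002))
    print(check_chflags(schg, 0, securelevel=0, is_superuser=True))
    print(check_chflags(schg, 0, securelevel=1, is_superuser=True))
    print(check_securelevel_change(1, 0, is_superuser=True, is_init=False))
```

On a real BSD host the live value the model takes as `securelevel` is reported by `sysctl kern.securelevel`, and a file's flags are shown by `ls -lo` and changed with `chflags`; the model only reasons about the outcome, it never touches the system.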
Unlike Windows, you can't just do anything you want on a Unix machine - and the black hat clad interlopers can't either.