From owner-freebsd-questions  Fri Dec 28 22:30:32 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by hub.freebsd.org (Postfix) with ESMTP id 7D84137B41F
	for <freebsd-questions@freebsd.org>; Fri, 28 Dec 2001 22:30:28 -0800 (PST)
Received: from dialup-209.245.140.30.dial1.sanjose1.level3.net ([209.245.140.30] helo=blossom.cjclark.org)
	by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16KD0h-0001Qe-00; Fri, 28 Dec 2001 22:30:23 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fBT6UDG95536;
	Fri, 28 Dec 2001 22:30:13 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 28 Dec 2001 22:30:12 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: measl@mfn.org
Cc: Simon Siemonsma <s.siemonsma@hccnet.nl>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: Disabling KLDs
Message-ID: <20011228223012.E93411@blossom.cjclark.org>
References: <200112282153.WAA12249@smtp.hccnet.nl> <Pine.BSF.4.21.0112282007060.283-100000@greeves.mfn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0112282007060.283-100000@greeves.mfn.org>; from measl@mfn.org on Fri, Dec 28, 2001 at 08:09:08PM -0600
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri, Dec 28, 2001 at 08:09:08PM -0600, measl@mfn.org wrote:
> 
> We use securelevels on all of our FBSD boxes already.  A look at the man
> pages for KLD does not indicate to me that KLDs are disabled by
> securelevels.  If I am misunderstanding what they are saying, I would
> certainly appreciate a pointer in the right direction :-)

$ man securelevel
  ...
     1     Secure mode - the system immutable and system append-only flags may
           not be turned off; disks for mounted filesystems, /dev/mem, and
           /dev/kmem may not be opened for writing; kernel modules (see
           kld(4)) may not be loaded or unloaded.

-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message