Date: Thu, 29 May 1997 08:05:02 +0200 From: "Basti, Zoltan" <zbs@softec.sk> To: "'freebsd-current@freebsd.org'" <freebsd-current@freebsd.org> Subject: RE: Lowering securelevel with gdb Message-ID: <c=CS%a=_%p=Softec%l=CLEOPATRA-970529060502Z-398@cleopatra.softec.sk>
next in thread | raw e-mail | index | archive | help
> >> A while ago there has been a discussion on freebsd-security >> about the possibility of lowering securelevel by attaching to init >> with gdb. Looking at the -current sources it seems to me it >> is still not fixed. > >I think the entire idea that PID 1 is allowed to lower the securelevel >basically defeats the securelevel conception. It should go away. If >you run a machine with raised securelevel, it's not undue to require a >reboot first in order to perform maintenance tasks -- you gotta sit on >the console anyway. This would plug all current and potential >future security holes in this respect once and for all. I agree 100%. A really elegant solution. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c=CS%a=_%p=Softec%l=CLEOPATRA-970529060502Z-398>