Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 Sep 1999 08:39:54 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc:        KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Init(8) cannot decrease securelevel
Message-ID:  <199909061539.IAA74893@apollo.backplane.com>
References:  <199909060513.PAA12402@godzilla.zeta.org.au> <19990906142342F.kato@gneiss.eps.nagoya-u.ac.jp> <xzp1zcco10z.fsf@flood.ping.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help
:
:KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> writes:
:>   The kernel runs with four different levels of security.
:> ! Any super-user process can raise the security level, but no process
:>   can lower it.
:
:How about "The security level can only be raised by the super-user,
:and cannot be lowered by anyone." instead?
:
:DES
:-- 
:Dag-Erling Smorgrav - des@flood.ping.uio.no

    Though, as a side note, it should be noted that if you have DDB
    enabled then lowering the secure level is pretty easy to do.  If you
    have access to the console, of course.  We used this trick at BEST
    a couple of times.  Still, I think this might qualify as a bug in
    the securelevel implementation.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909061539.IAA74893>