Date: Mon, 14 May 2001 21:28:56 +0700
From: Igor Podlesny
Organization: Morning Network
Message-ID: <10320318256.20010514212856@morning.ru>
To: root
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw rules and securelevel

> Dear friends,
> Even in securelevel 3 I can bypass ipfw rules. In securelevel 3 I
> as root can change the variable "net.inet.ip.fw.enable" using sysctl. When
> I run a command
> sysctl -w net.inet.ip.fw.enable=0
> It disables the ipfw rules.
> Is it a feature or a hole in FreeBSD?

Doesn't matter how it is called, only matters how it hurts... (it does)

> please help

--
Igor mailto:poige@morning.ru
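
Added example, not part of the original message: a check a monitoring job could run over `sysctl` output to flag the condition reported above, ipfw switched off through net.inet.ip.fw.enable whatever the securelevel. The function names and the sample text are constructed for illustration; the input is assumed to be FreeBSD's "name: value" sysctl format.

```shell
#!/bin/sh
# Audit captured sysctl text, e.g. the output of:
#   sysctl kern.securelevel net.inet.ip.fw.enable
# Assumption: lines look like "name: value".

# Print the value of one OID from sysctl text on stdin (empty if absent).
oid_value() {
    awk -v oid="$1" -F': *' '$1 == oid { print $2; exit }'
}

# audit_fw_state TEXT
# Prints one finding line. Returns 0 = ok, 1 = filtering off, 2 = unknown.
audit_fw_state() {
    level=$(printf '%s\n' "$1" | oid_value kern.securelevel)
    enable=$(printf '%s\n' "$1" | oid_value net.inet.ip.fw.enable)

    # The OID is missing when ipfw is not compiled in or not loaded.
    if [ -z "$enable" ]; then
        echo "UNKNOWN: net.inet.ip.fw.enable not present (ipfw not loaded?)"
        return 2
    fi
    # A raised securelevel is not treated as proof that filtering is on:
    # the switch itself is checked, and the level is reported for context.
    if [ "$enable" = "0" ]; then
        echo "ALERT: ipfw filtering disabled (securelevel=${level:-unset})"
        return 1
    fi
    echo "OK: ipfw enabled (securelevel=${level:-unset})"
    return 0
}

# Constructed sample: the state reported in the message
# (securelevel 3, ipfw switched off with sysctl).
SAMPLE='kern.securelevel: 3
net.inet.ip.fw.enable: 0'

audit_fw_state "$SAMPLE" || true
```

On a live host the same function can be fed `"$(sysctl kern.securelevel net.inet.ip.fw.enable 2>/dev/null)"` from cron, alerting on any non-zero return.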