Date: Wed, 25 Aug 1999 22:37:14 +0200 From: Stefan `Sec` Zehl <sec@42.org> To: freebsd-questions@freebsd.org Subject: securelevel question Message-ID: <19990825223713.A5163@matrix.42.org>
next in thread | raw e-mail | index | archive | help
Hi,
after a discussion with a friend I'm now wondering wether init really
can lower the securelevel ?
In sys/kern/kern_mib.c:133 there is no check for init just an 'raise only'
check.
| if (level < securelevel)
| return (EPERM);
| securelevel = level;
But in sbin/init/init.c:626 it looks like init assumes it can lower the
securelvl:
| /*
| * If the kernel is in secure mode, downgrade it to insecure
| * mode.
| */
| if (getsecuritylevel() > 0)
| setsecuritylevel(0);
To add more to my confusion init can't be traced when securelevel >0
(sys/kern/sys_process.c:246) which i seem to remember was added because
init could lower the securelevel.
| /* can't trace init when securelevel > 0 */
| if (securelevel > 0 && p->p_pid == 1)
| return EPERM;
Can somebody enlighten me please ?
CU,
Sec
--
Larry Wall: "Lisp has all the visual appeal of oatmeal
with nail clippings thrown in."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990825223713.A5163>