From owner-freebsd-security  Tue Sep  7  0:20:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id 0B0D315175
	for <freebsd-security@freebsd.org>; Tue,  7 Sep 1999 00:20:52 -0700 (PDT)
	(envelope-from randy@psg.com)
Received: from localhost (808 bytes) by rip.psg.com
	via sendmail with P:stdio/R:inet_resolve/T:smtp
	(sender: <randy>) (ident <randy> using unix)
	id <m11OFYh-0008G5C@rip.psg.com>
	for <freebsd-security@freebsd.org>; Tue, 7 Sep 1999 00:20:51 -0700 (PDT)
	(Smail-3.2.0.101 1997-Dec-17 #1 built 1999-Apr-1)
Message-Id: <m11OFYh-0008G5C@rip.psg.com>
Date: Tue, 7 Sep 1999 00:20:51 -0700 (PDT)
From: Randy Bush <randy@psg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Bruce Evans <bde@zeta.org.au>
Cc: freebsd-security@freebsd.org
Subject: Re: Init(8) cannot decrease securelevel
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> date: 1997/06/25 07:31:47;  author: joerg;  state: Exp;  lines: +2 -2
> Don't ever allow lowering the securelevel at all.  Allowing it does
> nothing good except of opening a can of (potential or real) security
> holes.  People maintaining a machine with higher security requirements
> need to be on the console anyway, so there's no point in not forcing
> them to reboot before starting maintenance.

the only time this is annoying to me is that i have to reboot before doing a
buildworld.

randy


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message