Date: Mon, 19 Feb 1996 08:54:54 +0100 (MET) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-hackers@freebsd.org (FreeBSD hackers) Subject: Re: Is "immutable" supposed to be a good idea? Message-ID: <199602190754.IAA11203@uriah.heep.sax.de> In-Reply-To: <m0toMB5-000C7fC@nemesis.lonestar.org> from "Frank Durda IV" at Feb 18, 96 09:22:00 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Frank Durda IV wrote: > Unfortunate. I think we should propose changing maintenance mode to > run at level -1 All our systems run at: j@uriah 364% sysctl kern.securelevel kern.securelevel: -1 by now. Even multi-user. > [6]By default, the system is always in insecure mode (security level -1; > [6]use `sysctl kern.securelevel' to see the level). > > See above. The average sysadmin trying to recover a system is going > to run into this nonsense again and again. You could have used fsdb(8) in your case. It lives under /sbin now, and you can even drop it into a 2.1R system (that's why i've put it into /xperimnt there). > [6]You'd be really unhappy if we turned on secure mode :-). > > Undoubtedly, but we were not talking about what you call secure mode. Nope. I think even securelevel==1 would screw any current systems. It prevents programs from writing to /dev/mem, so you can expect things like an Xserver to no longer run. > ... and why > standard recovery tools like restore, tar and cpio aren't able to report > that their restores aren't actually restoring the files you expect them > to restore. > > These questions remain completely unanswered. You've got fsdb. I admit that restore should handle it, however. > I would prefer that the definition of maintenance mode be changed to not > enforce immutable BY DEFAULT. > This immutable stuff can't possibly be a POSIX thing, so there should be > no technical reason for fixing this, only religious reasons. It would move us away from the 4.4BSD standard. So we should only change the definition of securelevels if all other 4.4BSD parties (NetBSD, [OpenBSD, ] BSD/OS) agree to do the same. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602190754.IAA11203>