From owner-freebsd-hackers Mon Feb 19 00:14:12 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA09845 for hackers-outgoing; Mon, 19 Feb 1996 00:14:12 -0800 (PST) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA09824 for ; Mon, 19 Feb 1996 00:14:05 -0800 (PST) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id JAA14504 for ; Mon, 19 Feb 1996 09:13:57 +0100 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id JAA13030 for freebsd-hackers@freebsd.org; Mon, 19 Feb 1996 09:13:56 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.7.3/8.6.9) id IAA11203 for freebsd-hackers@freebsd.org; Mon, 19 Feb 1996 08:54:54 +0100 (MET) From: J Wunsch Message-Id: <199602190754.IAA11203@uriah.heep.sax.de> Subject: Re: Is "immutable" supposed to be a good idea? To: freebsd-hackers@freebsd.org (FreeBSD hackers) Date: Mon, 19 Feb 1996 08:54:54 +0100 (MET) Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: from "Frank Durda IV" at Feb 18, 96 09:22:00 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org Precedence: bulk As Frank Durda IV wrote: > Unfortunate. I think we should propose changing maintenance mode to > run at level -1 All our systems run at: j@uriah 364% sysctl kern.securelevel kern.securelevel: -1 by now. Even multi-user. > [6]By default, the system is always in insecure mode (security level -1; > [6]use `sysctl kern.securelevel' to see the level). > > See above. The average sysadmin trying to recover a system is going > to run into this nonsense again and again. You could have used fsdb(8) in your case. It lives under /sbin now, and you can even drop it into a 2.1R system (that's why i've put it into /xperimnt there). > [6]You'd be really unhappy if we turned on secure mode :-). > > Undoubtedly, but we were not talking about what you call secure mode. Nope. I think even securelevel==1 would screw any current systems. It prevents programs from writing to /dev/mem, so you can expect things like an Xserver to no longer run. > ... and why > standard recovery tools like restore, tar and cpio aren't able to report > that their restores aren't actually restoring the files you expect them > to restore. > > These questions remain completely unanswered. You've got fsdb. I admit that restore should handle it, however. > I would prefer that the definition of maintenance mode be changed to not > enforce immutable BY DEFAULT. > This immutable stuff can't possibly be a POSIX thing, so there should be > no technical reason for fixing this, only religious reasons. It would move us away from the 4.4BSD standard. So we should only change the definition of securelevels if all other 4.4BSD parties (NetBSD, [OpenBSD, ] BSD/OS) agree to do the same. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)