Date:      Sun, 9 Jun 1996 16:44:52 -0400
From:      Garrett Wollman <wollman@lcs.mit.edu>
To:        Brian Tao <taob@io.org>
Cc:        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Effects of kern.securelevel >= 0
Message-ID:  <9606092044.AA08601@halloran-eldar.lcs.mit.edu>
In-Reply-To: <Pine.NEB.3.92.960609115619.11452G-100000@zap.io.org>
References:  <Pine.NEB.3.92.960609115619.11452G-100000@zap.io.org>

<<On Sun, 9 Jun 1996 12:13:24 -0400 (EDT), Brian Tao <taob@io.org> said:

>     According to /sys/sys/systm.h, single user mode should be
> associated with kern.securelevel=0 and multiuser mode with
> kern.securelevel=1.  Should the default /etc/rc have the appropriate
> sysctl call?

No.  It is automatically increased by init if it starts out as >=0.
Like the comment in the file says, you should delete the initializer
in the source file if you want to enable security features.

>     Also, are there any caveats to running an ISP shell login server
> with securelevel 2?  I recall that an old version of XFree86 would
> complain at level 1+ because it seemed to want to write to /dev/mem
> (VGA memory access?).  I can't think of any side effects (no user
> should be fiddling with raw disk devices anyway).

Unfortunately, there are still a number of other holes, like /dev/io,
that would need to be closed before this was a truly ``safe''
environment.

>     My main concern was the ability to turn off schg/sappnd flags at
> level -1 or 0.  I suppose, however, that if someone was able to
> execute commands as root, that person could just add commands to
> /etc/rc to do their dirty deeds and reboot the machine... :(

That's why, when setting up a secure system, you have to make /etc/rc,
and all the files it depends on, immutable, and all the important
system directories append-only.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant
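
An added example, not part of the original message or of FreeBSD itself: a small audit of the setup described in the last reply, checking that the securelevel is high enough for schg/sappnd to bind and that the listed files and directories carry those flags. Only /etc/rc is named in the message; the other paths, the sample data and the function names are assumptions for illustration.

```python
import os
import stat
import subprocess

# Assumed policy: /etc/rc is named in the message; the other paths are
# placeholders for "the files it depends on" and "important system directories".
IMMUTABLE_FILES = ["/etc/rc", "/etc/rc.conf", "/bin/sh"]
APPEND_ONLY_DIRS = ["/etc", "/bin"]

def read_flags(paths):
    """Map each existing path to its BSD st_flags (0 where unsupported)."""
    return {p: getattr(os.lstat(p), "st_flags", 0)
            for p in paths if os.path.lexists(p)}

def audit(securelevel, observed):
    """Return findings for a securelevel and a {path: st_flags} mapping."""
    findings = []
    # At level -1 or 0 root can still clear schg/sappnd, so the flags
    # checked below only bind once the level is above 0.
    if securelevel <= 0:
        findings.append(f"kern.securelevel={securelevel}: flags can be cleared")
    for path in IMMUTABLE_FILES:
        if path not in observed:
            findings.append(f"{path}: missing")
        elif not observed[path] & stat.SF_IMMUTABLE:
            findings.append(f"{path}: schg not set")
    # schg on a directory is stricter than sappnd, so either one is accepted.
    for path in APPEND_ONLY_DIRS:
        if path not in observed:
            findings.append(f"{path}: missing")
        elif not observed[path] & (stat.SF_APPEND | stat.SF_IMMUTABLE):
            findings.append(f"{path}: sappnd not set")
    return findings

# Constructed sample: /etc/rc.conf was left writable and /bin is unprotected.
SAMPLE = {
    "/etc/rc": stat.SF_IMMUTABLE,
    "/etc/rc.conf": 0,
    "/bin/sh": stat.SF_IMMUTABLE | stat.UF_NODUMP,
    "/etc": stat.SF_APPEND,
    "/bin": 0,
}

if __name__ == "__main__":
    level = int(subprocess.check_output(["sysctl", "-n", "kern.securelevel"]))
    for finding in audit(level, read_flags(IMMUTABLE_FILES + APPEND_ONLY_DIRS)):
        print(finding)
```

Run as a script on the host being checked, it reads the live securelevel and flags; `audit(1, SAMPLE)` exercises the same logic on the constructed data.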


