From owner-freebsd-security  Wed Jan 10  7:57:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 1F3C637B402
	for <freebsd-security@FreeBSD.ORG>; Wed, 10 Jan 2001 07:56:58 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA09769;
	Wed, 10 Jan 2001 07:52:32 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda09766; Wed Jan 10 07:52:19 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f0AFqA319574;
	Wed, 10 Jan 2001 07:52:10 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdl19572; Wed Jan 10 07:52:01 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.2/8.9.1) id f0AFpwH63004;
	Wed, 10 Jan 2001 07:51:58 -0800 (PST)
Message-Id: <200101101551.f0AFpwH63004@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdx63000; Wed Jan 10 07:51:55 2001
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 4.2-RELEASE
X-Sender: cy
To: Matjaz Martincic <matjaz.martincic@hermes.si>
Cc: "'Rasputin'" <rasputin@FreeBSD-uk.eu.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Running X in securelevels > 0 ? 
In-reply-to: Your message of "Tue, 09 Jan 2001 11:51:59 +0100."
             <EA63CEA50DF8D311ABAD00B0D0211732211A94@hal9000.hermes.si> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 10 Jan 2001 07:51:54 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <EA63CEA50DF8D311ABAD00B0D0211732211A94@hal9000.hermes.si>, 
Matjaz M
artincic writes:
> Had the same problem. I somehow managed to bypass it by creating the shell
> script that first run the Xserver and then change the securelevel with
> sysctl. And it worked. But the problem is that the securelevel is not
> changed at boot time :(, so you have to run X to set it first.

In this situation xdm is your friend.  Start xdm in rc.local, then 
manually set the securelevel in rc.local after xdm has started.  Make 
sure that your X server does not start with the -terminate option, 
which BTW will leave you open to memory leaks in the X server.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message