Date: Mon, 4 Sep 2000 04:50:03 -0700 (PDT)
Message-Id: <200009041150.EAA18480@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Sheldon Hearn
Subject: Re: bin/20974: securelevel not reset when going to single user mode

The following reply was made to PR bin/20974; it has been noted by GNATS.

From: Sheldon Hearn
To: Vivek Khera
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Date: Mon, 04 Sep 2000 13:39:46 +0200

On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote:

> It sure is hard to do system maintenance unless the secure level drops
> back to 0 in single user mode. BSD/OS does this, and it makes sense
> to do so, I think.

The CVS logs for init.c revealed something interesting:

| revision 1.36
| date: 1999/09/06 08:41:32; author: kato; state: Exp; lines: +1 -7
| FreeBSD kernel doesn't allow any process to decrease securelevel. So,
| init(8) cannot decrease securelevel. The manual page explains this
| and single_user() doesn't try to downgrade kernel to insecure mode.
|
| Reviewed by: bde (manual page)

As I said before, I don't think that the manual page describes the
reality of the situation.

So now the issue is whether we want to allow the same behaviour as
BSD/OS exhibits, and if so, how to teach the kernel to allow the
dropping of the securelevel.

Ciao,
Sheldon.