Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 1997 20:09:40 -0400 (EDT)
From:      Brian Buchanan <brian@thought.res.cmu.edu>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        freebsd-security@freebsd.org
Subject:   securelevel (was: Re: security hole in FreeBSD)
Message-ID:  <Pine.BSF.3.96.970728200236.26892C-100000@thought.res.cmu.edu>
In-Reply-To: <Pine.BSF.3.95.970728162901.3844D-100000@mail.MCESTATE.COM>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Vincent Poy wrote:

> =)I was under the impression that doing a 'make world' in multiuser mode
> =)wasn't optimal.
> 
> 	I know but when all the admins are remote, it has to be done
> multiuser.  Is there a way to push the secure level up to 2 and then push
> it down when a make world is needed?

Uh, that would defeat the purpose of securelevel.  It's not supposed to be
possible to ever lower it, except when dropping into single-user mode, and
even allowing init to do so in that instance is risky IMHO - a few months
ago I reported a hole, which I believe was fixed, that made it possible to
lower the securelevel by attaching a debugger to init.  Even though that's
plugged now, it's still possible that there's another way to fool the
kernel into thinking that process 1 is requesting that securelevel be
lowered.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970728200236.26892C-100000>