From owner-freebsd-security Sun Jan 7 6:52:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail1.javanet.com (mail1.javanet.com [205.219.162.10]) by hub.freebsd.org (Postfix) with ESMTP id 6CF3037B705; Sun, 7 Jan 2001 06:26:58 -0800 (PST) Received: from wintermute.sekt7.org (146-115-74-28.c5-0.brl-ubr1.sbo-brl.ma.cable.rcn.com [146.115.74.28]) by mail1.javanet.com (8.9.3/8.9.2) with ESMTP id JAA01178; Sun, 7 Jan 2001 09:26:57 -0500 (EST) Date: Sun, 7 Jan 2001 09:30:25 -0500 (EST) From: Evan S X-Sender: kaworu@wintermute.sekt7 To: Kris Kennaway Cc: freebsd-security@FreeBSD.org Subject: Re: changing kernsecurelevel In-Reply-To: <20010107051309.A2018@citusc.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mm, I want secure level to be 2 at times because then I can chflags schg the login.conf file inside the Jail, and limit cpu usage, memory usage, incase anyone fork bombs. That's alright though, I am working on giving a jail its own secure level, and its going pretty well.. Thanks, Evan Sarmiento (kaworu@sektor7.ath.cx) http://sekt7.org/es On Sun, 7 Jan 2001, Kris Kennaway wrote: > On Fri, Jan 05, 2001 at 09:30:22PM -0500, Evan S wrote: > > I know this may seem crazy. But, I _want_ to be able to lower the secure > > level. What part of the soruce would I need to edit in order to fix this? > > > > I have some special circumstances.. I run a public root-access machine. > > In case the point has not been made sufficiently yet: if you have a > public root-access machine, and root can lower securelevel, then you > lose all protection from running at securelevel and might as well just > leave it at -1 from the beginning. > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message