Date: Wed, 28 May 1997 15:20:40 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-current@FreeBSD.ORG Cc: zbs@softec.sk (Basti, Zoltan) Subject: Re: Lowering securelevel with gdb Message-ID: <19970528152040.QE64825@uriah.heep.sax.de> In-Reply-To: <c=CS%a=_%p=Softec%l=CLEOPATRA-970528105609Z-341@cleopatra.softec.sk>; from Basti, Zoltan on May 28, 1997 12:56:09 %2B0200 References: <c=CS%a=_%p=Softec%l=CLEOPATRA-970528105609Z-341@cleopatra.softec.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
As Basti, Zoltan wrote: > A while ago there has been a discussion on freebsd-security > about the possibility of lowering securelevel by attaching to init > with gdb. Looking at the -current sources it seems to me it > is still not fixed. I think the entire idea that PID 1 is allowed to lower the securelevel basically defeats the securelevel conception. It should go away. If you run a machine with raised securelevel, it's not undue to require a reboot first in order to perform maintenance tasks -- you gotta sit on the console anyway. This would plug all current and potential future security holes in this respect once and for all. Anybody objecting? -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970528152040.QE64825>