From owner-freebsd-security Fri Jan 5 18:20:49 2001 From owner-freebsd-security@FreeBSD.ORG Fri Jan 5 18:20:47 2001 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by hub.freebsd.org (Postfix) with ESMTP id 7428E37B400 for ; Fri, 5 Jan 2001 18:20:47 -0800 (PST) Received: (from emechler@localhost) by radix.cryptio.net (8.11.0/8.11.0) id f062KeG62878; Fri, 5 Jan 2001 18:20:40 -0800 (PST) Date: Fri, 5 Jan 2001 18:20:40 -0800 From: Erick Mechler To: Peter Brezny Cc: freebsd-security@FreeBSD.ORG Subject: Re: changing kernsecurelevel Message-ID: <20010105182040.A62789@techometer.net> References: <001101c0779c$096cc260$46010a0a@sysadmininc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001101c0779c$096cc260$46010a0a@sysadmininc.com>; from Peter Brezny on Fri, Jan 05, 2001 at 08:49:21PM -0800 Sender: emechler@radix.cryptio.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You can't change the securelevel to anything lower without rebooting the machine, but you can raise it. If you could lower it using some userland command, it won't really be that secure, no? From the securelevel manpage: The kernel runs with four different levels of security. Any super-user process can raise the security level, but no process can lower it. The securelevel definitions are also on the same manpage. Regards, Erick At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this: :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting :: the machine. :: :: I've run into problems installing new kernels with a kernelsecure level of :: 2, but so far, the only way I've figured out to change the kernel secure :: level is to modify rc.conf, changing the secure level and rebooting the :: machine. :: :: How do i accomplish this without a reboot, or, if i am going at it all :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2? :: :: TIA :: :: Peter Brezny :: SysAdmin Services Inc. :: :: :: :: To Unsubscribe: send mail to majordomo@FreeBSD.org :: with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message