From owner-freebsd-security Wed May 9 17:13:59 2001 Delivered-To: freebsd-security@freebsd.org Received: from chalfont.mail.uk.easynet.net (chalfont.mail.uk.easynet.net [195.40.1.44]) by hub.freebsd.org (Postfix) with ESMTP id 1FA9437B423 for ; Wed, 9 May 2001 17:13:56 -0700 (PDT) (envelope-from steve@pavilion.net) Received: from mushroom.systems.pavilion.net (mushroom.systems.pavilion.net [212.74.1.186]) by chalfont.mail.uk.easynet.net (Postfix) with ESMTP id 195C0F81D5; Thu, 10 May 2001 01:12:16 +0100 (BST) Received: by mushroom.systems.pavilion.net (Postfix, from userid 1002) id A8AE213151; Thu, 10 May 2001 01:07:35 +0100 (BST) Date: Thu, 10 May 2001 01:07:35 +0100 From: Steve Peck To: Steve Peck Cc: security@FreeBSD.ORG Subject: Re: kernel security level Message-ID: <20010510010735.C67755@pavilion.net> References: <20010509200921.A65710@pavilion.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010509200921.A65710@pavilion.net>; from steve.peck@uk.easynet.net on Wed, May 09, 2001 at 08:09:21PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, OK, I've got it all working now :-))) On Wed, May 09, 2001 at 08:09:21PM +0100, Steve Peck wrote: > Hi, > > I've installed the FreeBSD 4.3 > > And I got this strange problem where the kern.sercurelevel was set to 1. > > I had a version of 4.2 which just defaults to -1. > its set in /etc/rc.conf > Is this something new? > no > Although it seems like a good idea, I had much trouble finding out why > I couldn't run X windows. Soon as I found a reference to this /dev/mem > suddenly was permitted and X started up - but only as root :-(. > > I have since found that I can run X (as root) on kern.securelevel = 0 > But if I set it to this via /etc/sysctl.conf it just gets upgraded to > level 1! So, I now have it set to level -1 in /etc/sysctl.conf. > > If I did want to run at level 0 then I would have to upgrade it manually > By loggin in as root and doing > # sysctl - w kern.securelevel=0 > every reboot :-( > No - just set it in /etc/rc.conf ---see man init > Now, have I done something stangely bad during my install. > Yes - messed it all up in /stand/sysinstall > I just ftp'd it from the ftp.uk.FreeBSD.org site. > > If I try to startx as a user then I now get > > Fatal server error: > xf86OpeConsole:Server must be suid root > The server (in /etc/X11R6/bin) has to be chmod +s Thank you to the people who helped me. Cheers Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message