From owner-freebsd-security  Fri Jan  5 18:27:15 2001
From owner-freebsd-security@FreeBSD.ORG  Fri Jan  5 18:27:13 2001
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mail1.javanet.com (mail1.javanet.com [205.219.162.10])
	by hub.freebsd.org (Postfix) with ESMTP id 2ED3B37B400
	for <freebsd-security@FreeBSD.ORG>; Fri,  5 Jan 2001 18:27:09 -0800 (PST)
Received: from wintermute.sekt7.org (146-115-75-83.c6-0.brl-ubr1.sbo-brl.ma.cable.rcn.com [146.115.75.83])
	by mail1.javanet.com (8.9.3/8.9.2) with ESMTP id VAA10764;
	Fri, 5 Jan 2001 21:26:55 -0500 (EST)
Date: Fri, 5 Jan 2001 21:30:22 -0500 (EST)
From: Evan S <kaworu@sektor7.ath.cx>
X-Sender: kaworu@wintermute.sekt7
To: Erick Mechler <emechler@techometer.net>
Cc: Peter Brezny <peter@sysadmin-inc.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: changing kernsecurelevel
In-Reply-To: <20010105182040.A62789@techometer.net>
Message-ID: <Pine.GSO.4.10.10101052129290.4678-100000@wintermute.sekt7>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I know this may seem crazy. But, I _want_ to be able to lower the secure
level. What part of the soruce would I need to edit in order to fix this?

I have some special circumstances.. I run a public root-access machine.

Thanks,

Evan Sarmiento (kaworu@sektor7.ath.cx)
http://sekt7.org/es

On Fri, 5 Jan 2001, Erick Mechler wrote:

> You can't change the securelevel to anything lower without rebooting
> the machine, but you can raise it.  If you could lower it using some
> userland command, it won't really be that secure, no?
> 
> >From the securelevel manpage:
> 
>      The kernel runs with four different levels of security.  Any super-user
>      process can raise the security level, but no process can lower it.
> 
> The securelevel definitions are also on the same manpage.
> 
> Regards,
> Erick
> 
> At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
> :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
> :: the machine.
> :: 
> :: I've run into problems installing new kernels with a kernelsecure level of
> :: 2, but so far, the only way I've figured out to change the kernel secure
> :: level is to modify rc.conf, changing the secure level and rebooting the
> :: machine.
> :: 
> :: How do i accomplish this without a reboot, or, if i am going at it all
> :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
> :: 
> :: TIA
> :: 
> :: Peter Brezny
> :: SysAdmin Services Inc.
> :: 
> :: 
> :: 
> :: To Unsubscribe: send mail to majordomo@FreeBSD.org
> :: with "unsubscribe freebsd-security" in the body of the message
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message