Date: Fri, 5 Jan 2001 19:31:35 -0700 (MST) From: "David G. Andersen" <dga@pobox.com> To: kaworu@sektor7.ath.cx (Evan S) Cc: emechler@techometer.net (Erick Mechler), peter@sysadmin-inc.com (Peter Brezny), freebsd-security@FreeBSD.ORG Subject: Re: changing kernsecurelevel Message-ID: <200101060231.TAA24752@faith.cs.utah.edu> In-Reply-To: <Pine.GSO.4.10.10101052129290.4678-100000@wintermute.sekt7> from "Evan S" at Jan 05, 2001 09:30:22 PM
next in thread | previous in thread | raw e-mail | index | archive | help
Grep the source, luke. :)
/usr/src/sys/kern/kern_mib.c
if (level < securelevel)
return (EPERM);
If you remove these two lines, you'll demolish the point of
securelevels.. er, you'll accomplish what you want. :-)
-Dave
Lo and behold, Evan S once said:
>
> I know this may seem crazy. But, I _want_ to be able to lower the secure
> level. What part of the soruce would I need to edit in order to fix this?
>
> I have some special circumstances.. I run a public root-access machine.
>
> Thanks,
>
> Evan Sarmiento (kaworu@sektor7.ath.cx)
> http://sekt7.org/es
>
> On Fri, 5 Jan 2001, Erick Mechler wrote:
>
> > You can't change the securelevel to anything lower without rebooting
> > the machine, but you can raise it. If you could lower it using some
> > userland command, it won't really be that secure, no?
> >
> > >From the securelevel manpage:
> >
> > The kernel runs with four different levels of security. Any super-user
> > process can raise the security level, but no process can lower it.
> >
> > The securelevel definitions are also on the same manpage.
> >
> > Regards,
> > Erick
> >
> > At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
> > :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
> > :: the machine.
> > ::
> > :: I've run into problems installing new kernels with a kernelsecure level of
> > :: 2, but so far, the only way I've figured out to change the kernel secure
> > :: level is to modify rc.conf, changing the secure level and rebooting the
> > :: machine.
> > ::
> > :: How do i accomplish this without a reboot, or, if i am going at it all
> > :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
> > ::
> > :: TIA
> > ::
> > :: Peter Brezny
> > :: SysAdmin Services Inc.
> > ::
> > ::
> > ::
> > :: To Unsubscribe: send mail to majordomo@FreeBSD.org
> > :: with "unsubscribe freebsd-security" in the body of the message
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101060231.TAA24752>