From owner-freebsd-security  Sat Aug 26  0:46:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP id 79EDD37B424
	for <freebsd-security@FreeBSD.ORG>; Sat, 26 Aug 2000 00:46:45 -0700 (PDT)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.8.7/8.8.7) with ESMTP id RAA21945;
	Sat, 26 Aug 2000 17:46:27 +1000
Date: Sat, 26 Aug 2000 17:46:21 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-Sender: bde@besplex.bde.org
To: Slawek Zak <zaks@prioris.mini.pw.edu.pl>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Securelevel and rw-remount 
In-Reply-To: <87lmxl170m.fsf@pf39.warszawa.sdi.tpnet.pl>
Message-ID: <Pine.BSF.4.21.0008261740530.2018-100000@besplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 25 Aug 2000, Slawek Zak wrote:

> Could someone tell me why is it possible to remount a read-only
> mounted filesystem read-write after the securelevel is raised to 3? It
> seems dangerous.

Same reasonable as it is possible to use unmount and mount after the
securelevel is raised to 3: someone considered this necessary for
normal operation.  This seems reasonable, since disks can't be written
to at securelevel 3, and a secure system shouldn't have any insecure
devices attached, whether or not they are mounted.

Bruce



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message