Date: Fri, 5 Jan 2001 22:34:26 -0500 From: Pete Fritchman <petef@databits.net> To: Evan S <kaworu@sektor7.ath.cx> Cc: freebsd-security@FreeBSD.ORG Subject: Re: changing kernsecurelevel Message-ID: <20010105223426.C14203@databits.net> In-Reply-To: <Pine.GSO.4.10.10101052129290.4678-100000@wintermute.sekt7>; from kaworu@sektor7.ath.cx on Fri, Jan 05, 2001 at 09:30:22PM -0500 References: <20010105182040.A62789@techometer.net> <Pine.GSO.4.10.10101052129290.4678-100000@wintermute.sekt7>
next in thread | previous in thread | raw e-mail | index | archive | help
If you really want to temporarily lower it for an install, you could change your /etc/rc.conf value, reboot, install, change /etc/rc.conf back, reboot. If you modified your source to allow lowering of sercurelevel and then still used it, you'd be destroying any hint of what securelevel does for you. -pete ++ 05/01/01 21:30 -0500 - Evan S: >I know this may seem crazy. But, I _want_ to be able to lower the secure >level. What part of the soruce would I need to edit in order to fix this? > >I have some special circumstances.. I run a public root-access machine. > >Thanks, > >Evan Sarmiento (kaworu@sektor7.ath.cx) >http://sekt7.org/es > >On Fri, 5 Jan 2001, Erick Mechler wrote: > >> You can't change the securelevel to anything lower without rebooting >> the machine, but you can raise it. If you could lower it using some >> userland command, it won't really be that secure, no? >> >> >From the securelevel manpage: >> >> The kernel runs with four different levels of security. Any super-user >> process can raise the security level, but no process can lower it. >> >> The securelevel definitions are also on the same manpage. >> >> Regards, >> Erick >> >> At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this: >> :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting >> :: the machine. >> :: >> :: I've run into problems installing new kernels with a kernelsecure level of >> :: 2, but so far, the only way I've figured out to change the kernel secure >> :: level is to modify rc.conf, changing the secure level and rebooting the >> :: machine. >> :: >> :: How do i accomplish this without a reboot, or, if i am going at it all >> :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2? >> :: >> :: TIA >> :: >> :: Peter Brezny >> :: SysAdmin Services Inc. >> :: >> :: >> :: >> :: To Unsubscribe: send mail to majordomo@FreeBSD.org >> :: with "unsubscribe freebsd-security" in the body of the message >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message -- Pete Fritchman <petef@databits.net> Databits Network Services, Inc. <http://databits.net>; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010105223426.C14203>