Date: Tue, 07 Sep 1999 10:21:53 +0900 From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> To: dillon@apollo.backplane.com Cc: des@flood.ping.uio.no, kato@ganko.eps.nagoya-u.ac.jp, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel Message-ID: <19990907102153R.kato@gneiss.eps.nagoya-u.ac.jp> In-Reply-To: Your message of "Mon, 6 Sep 1999 08:39:54 -0700 (PDT)" <199909061539.IAA74893@apollo.backplane.com> References: <199909061539.IAA74893@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon <dillon@apollo.backplane.com> wrote: > Though, as a side note, it should be noted that if you have DDB > enabled then lowering the secure level is pretty easy to do. If you > have access to the console, of course. We used this trick at BEST > a couple of times. Still, I think this might qualify as a bug in > the securelevel implementation. I also think it should be in manual page. But, I don't think it should be called `bug.' When an administrator maintains a machine with higher security, he/she must be careful with not only the securelevel also many other points, and may remove options for kernel hackers. -----------------------------------------------+--------------------------+ KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> | FreeBSD | Dept. Earth Planet. Sci, Nagoya Univ. | The power to serve! | Nagoya, 464-8602, Japan | http://www.FreeBSD.org/ | ++++ FreeBSD(98) 3.2: Rev. 01 available! |http://www.jp.FreeBSD.org/| ++++ FreeBSD(98) 2.2.8: Rev. 02 available! +==========================+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990907102153R.kato>