From owner-freebsd-hackers  Mon Sep  6 18:26:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from eclogite.eps.nagoya-u.ac.jp (eclogite.eps.nagoya-u.ac.jp [133.6.124.145])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8322B14BCC; Mon,  6 Sep 1999 18:26:44 -0700 (PDT)
	(envelope-from kato@ganko.eps.nagoya-u.ac.jp)
Received: from localhost (gneiss.eps.nagoya-u.ac.jp [133.6.124.148])
	by eclogite.eps.nagoya-u.ac.jp (8.9.3/3.7W) with ESMTP id KAA02639;
	Tue, 7 Sep 1999 10:22:24 +0900 (JST)
To: dillon@apollo.backplane.com
Cc: des@flood.ping.uio.no, kato@ganko.eps.nagoya-u.ac.jp,
	bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG,
	freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel
From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
In-Reply-To: Your message of "Mon, 6 Sep 1999 08:39:54 -0700 (PDT)"
	<199909061539.IAA74893@apollo.backplane.com>
References: <199909061539.IAA74893@apollo.backplane.com>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint: 03 72 85 36 62 46 23 03  52 B1 10 22 44 10 0D 9E
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19990907102153R.kato@gneiss.eps.nagoya-u.ac.jp>
Date: Tue, 07 Sep 1999 10:21:53 +0900
X-Dispatcher: imput version 980905(IM100)
Lines: 21
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Matthew Dillon <dillon@apollo.backplane.com> wrote:

>     Though, as a side note, it should be noted that if you have DDB
>     enabled then lowering the secure level is pretty easy to do.  If you
>     have access to the console, of course.  We used this trick at BEST
>     a couple of times.  Still, I think this might qualify as a bug in
>     the securelevel implementation.

I also think it should be in manual page.  But, I don't think it
should be called `bug.'

When an administrator maintains a machine with higher security, he/she 
must be careful with not only the securelevel also many other points,
and may remove options for kernel hackers.

-----------------------------------------------+--------------------------+
KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>  |        FreeBSD           |
Dept. Earth Planet. Sci, Nagoya Univ.          |    The power to serve!   |
Nagoya, 464-8602, Japan                        |  http://www.FreeBSD.org/ |
++++ FreeBSD(98) 3.2:   Rev. 01 available!     |http://www.jp.FreeBSD.org/|
++++ FreeBSD(98) 2.2.8: Rev. 02 available!     +==========================+


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message