From owner-freebsd-current Thu Oct 3 17:48:32 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA17340 for current-outgoing; Thu, 3 Oct 1996 17:48:32 -0700 (PDT) Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA17321 for ; Thu, 3 Oct 1996 17:48:29 -0700 (PDT) Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.0/CET-v2.1) with SMTP id AAA21159; Fri, 4 Oct 1996 00:48:10 GMT Date: Fri, 4 Oct 1996 09:48:10 +0900 (JST) From: Michael Hancock To: Garrett Wollman cc: current@freebsd.org Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-() In-Reply-To: <9610031334.AA12862@halloran-eldar.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 3 Oct 1996, Garrett Wollman wrote: > < said: > > > /kernel is marked immutable. I'd like to be able to configure systems > > such that you can't change the flags unless you are in single user mode > > even if you're root. > > sysctl -w kern.securelevel=0 #in /etc/rc.local How many deamons are running by the time you get to this line? This isn't satisfactory, I don't want the -1 to 0 window fullstop. This is a yet another 4.4 advance over other Unix implementations, yet we hide it. If this security level stuff has a holes in it we are unlikely to find them and fix them if the initialization isn't exported to us in kernel config because hardly anyone will use it. The false sense of security argument is bogus. Why can't we export it like all the other BSDs? They call it INSECURE which toggles -1 or 0, we can call it something else following the "principle of least astonishment to newbies". options INITIAL_SECURITY_LEVEL=0 #man init for details Regards, Mike