Date: Sat, 26 Jul 2003 23:36:39 GMT From: Mark <admin@asarian-host.net> To: "Jerry McAllister" <jerrymc@clunix.cl.msu.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Unable to open /dev/io Message-ID: <200307262336.H6QNAD03086214@asarian-host.net> References: <200307262319.h6QNJZSG010945@clunix.cl.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Jerry McAllister" <jerrymc@clunix.cl.msu.edu> To: "Mark" <admin@asarian-host.net> Cc: <freebsd-questions@freebsd.org> Sent: Sunday, July 27, 2003 1:20 AM Subject: Re: Unable to open /dev/io > > Earlier, I had asked a question on how to write a byte to the parallel > > port. And Daan Vreeken was kind enough to point me to a litle c-source > > that uses /dev/io. > > > > Unfortunately, as I just found out, when I raise kern.securelevel to 2 > > (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means > > I can no longer use this method; because there is no way I will allow my > > production server to run at kern.securelevel lower than 2. Which means I > > am back to square one. :( > > > > Sigh. Is there then no way to write a simple 0 or 1 to the parallel > > port, without compromizing the security of the server at large? > > Do you really need to set the secure level to 2? Yes. :) Because, as the man-pages say, "This level precludes tampering with filesystems by unmounting them." Besides, even on securelevel 1 you can no longer open /dev/io for writing. So, that would mean I'd have to drop all the way to securelevel 0; and that is a steep fall. > What for? I may not run the Pentagon, but I maintain certain security standards. :) One of them is, that I do not lower the entire server to "Insecure mode" just so I can side-step a certain problem. If I start taking short-cuts like that, I might as well quit tomorrow. - Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307262336.H6QNAD03086214>