From owner-freebsd-questions@FreeBSD.ORG Sat Jul 26 16:36:42 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0E4837B401 for ; Sat, 26 Jul 2003 16:36:42 -0700 (PDT) Received: from asarian-host.net (mail.asarian-host.net [194.109.160.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C54343F85 for ; Sat, 26 Jul 2003 16:36:41 -0700 (PDT) (envelope-from admin@asarian-host.net) Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email accounts can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi Received: (from root@localhost) by mail.asarian-host.net (8.12.9/8.12.9) id h6QNae01086232 for freebsd-questions@freebsd.org; Sun, 27 Jul 2003 01:36:40 +0200 (CEST) (envelope-from admin@asarian-host.net) From: Mark Message-Id: <200307262336.H6QNAD03086214@asarian-host.net> Date: Sat, 26 Jul 2003 23:36:39 GMT X-Authenticated-Sender: admin@asarian-host.net X-Trace: ro9e9HnpA2/NMgPC2zZOOe/jVkpJliSykra5+rF/PVRQ1z1mu/C5aevL9TJt4vCgFQwv29ag2VppO1jyUuOguQ== X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers X-Abuse-Info: Otherwise we are unable to process your complaint Organization: Asarian-host To: "Jerry McAllister" References: <200307262319.h6QNJZSG010945@clunix.cl.msu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Auth: Asarian-host PGP signature iQEVAwUAPyMQhzFqW1BleBN9AQGSFAf7B3vEl5QjMMn2BEQJI+FUZo5jA4BYW636 /6cxsypg+Vz/jB5R7+hNqZKCaPb9UHZabTOT2Kqgn5J4ZUU9j4zf4WARW0vfIB7b jrKXQeudTDFAPnZa3dVz19FBmgRScgEJraKQQirLEQFxeZcPvoyglU0FjlqL75MM Xct2YljUowBpUTC657pT7QnZBrUZDq5kqyJDlXxLvD7uPJw+CYBAXSBEA17LoITr TxWt6+U/WxSQvqw9nuP6G0aw+/PREB8f+s6PM7JUlv7qiRgkUxQ4ZXASf/UXjIe+ HMmwGnMmLKyiXVn0GKW60yAx1txXiBUBvGKhRDw3moBBiMvJxuF+tg== =yHkX cc: freebsd-questions@freebsd.org Subject: Re: Unable to open /dev/io X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 23:36:43 -0000 ----- Original Message ----- From: "Jerry McAllister" To: "Mark" Cc: Sent: Sunday, July 27, 2003 1:20 AM Subject: Re: Unable to open /dev/io > > Earlier, I had asked a question on how to write a byte to the parallel > > port. And Daan Vreeken was kind enough to point me to a litle c-source > > that uses /dev/io. > > > > Unfortunately, as I just found out, when I raise kern.securelevel to 2 > > (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means > > I can no longer use this method; because there is no way I will allow my > > production server to run at kern.securelevel lower than 2. Which means I > > am back to square one. :( > > > > Sigh. Is there then no way to write a simple 0 or 1 to the parallel > > port, without compromizing the security of the server at large? > > Do you really need to set the secure level to 2? Yes. :) Because, as the man-pages say, "This level precludes tampering with filesystems by unmounting them." Besides, even on securelevel 1 you can no longer open /dev/io for writing. So, that would mean I'd have to drop all the way to securelevel 0; and that is a steep fall. > What for? I may not run the Pentagon, but I maintain certain security standards. :) One of them is, that I do not lower the entire server to "Insecure mode" just so I can side-step a certain problem. If I start taking short-cuts like that, I might as well quit tomorrow. - Mark