From owner-freebsd-security  Sun Jun  9 16:45:16 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA13786
          for security-outgoing; Sun, 9 Jun 1996 16:45:16 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA13774
          for <freebsd-security@freebsd.org>; Sun, 9 Jun 1996 16:45:14 -0700 (PDT)
Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id TAA15844; Sun, 9 Jun 1996 19:44:11 -0400 (EDT)
Date: Sun, 9 Jun 1996 19:44:16 -0400 (EDT)
From: Brian Tao <taob@io.org>
To: Garrett Wollman <wollman@lcs.mit.edu>
cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Effects of kern.securelevel >= 0
In-Reply-To: <9606092044.AA08601@halloran-eldar.lcs.mit.edu>
Message-ID: <Pine.NEB.3.92.960609193710.8414F-100000@zap.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 9 Jun 1996, Garrett Wollman wrote:
>
> No.  It is automatically increased by init if it starts out as >=0.

    You mean "<= 0"?  I haven't fiddled with the default startup value
here, and a 'sysctl kern.securelevel' in multiuser mode shows it is
still at level -1.

> That's why, when setting up a secure system, you have to make /etc/rc,
> and all the files it depends on, immutable, and all the important
> system directories append-only.

    This is at kern.securelevel = 1:

# ls -ld /dev
drwxr-xr-x  3 root  wheel  - 15360 Jun  9 17:19 /dev
# chflags sappnd /dev
chflags: /dev: Operation not permitted
# ls -ldo /dev
drwxr-xr-x  3 root  wheel  sappnd 15360 Jun  9 17:19 /dev

    A bogus ENOPERM somewhere?
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"