From owner-freebsd-questions Thu Jun 14 21:23:50 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mailg.telia.com (mailg.telia.com [194.22.194.26]) by hub.freebsd.org (Postfix) with ESMTP id CC3CC37B401 for ; Thu, 14 Jun 2001 21:23:32 -0700 (PDT) (envelope-from ertr1013@student.uu.se) Received: from d1o913.telia.com (d1o913.telia.com [195.252.44.241]) by mailg.telia.com (8.11.2/8.11.0) with ESMTP id f5F4NUJ05400 for ; Fri, 15 Jun 2001 06:23:30 +0200 (CEST) Received: from ertr1013.student.uu.se (h185n2fls20o913.telia.com [212.181.163.185]) by d1o913.telia.com (8.8.8/8.8.8) with SMTP id GAA01700 for ; Fri, 15 Jun 2001 06:23:30 +0200 (CEST) Received: (qmail 80710 invoked by uid 1001); 15 Jun 2001 04:23:06 -0000 Date: Fri, 15 Jun 2001 06:23:06 +0200 From: Erik Trulsson To: dmp Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Can still mount/umount with kern.securelevel=2? Message-ID: <20010615062305.A79476@student.uu.se> Mail-Followup-To: dmp , freebsd-questions@FreeBSD.ORG References: <3B298B4E.25759FA5@pantherdragon.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B298B4E.25759FA5@pantherdragon.org>; from dmp@pantherdragon.org on Thu, Jun 14, 2001 at 09:13:02PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Jun 14, 2001 at 09:13:02PM -0700, dmp wrote: > I have a 4.3-R machine running at securelevel 2, and I can still mount > and umount volumes. I thought securelevel 2 was supposed to prevent > this? You thought wrong. :-) Looking at the descriptions of the various securelevels in the manpage for init(8) it seems that mount/umount is allowed at all secure-levels. The notes for securelvel2 says: 2 Highly secure mode - same as secure mode, plus disks may not be opened for writing (except by mount(2)) whether mounted or not. This level precludes tampering with filesystems by unmounting them, but also inhibits running newfs(8) while the system is multi-user. Note that comment about mount(2). What it means is that under securelevel 2 you cannot access the raw disk device itself. You can mount a disk and access it through the filesystem but not in any other way. -- Erik Trulsson ertr1013@student.uu.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message