Message-Id: <199804182310.SAA03638@nash.pr.mcs.net>
Date: Sat, 18 Apr 1998 18:10:06 -0500 (CDT)
From: Alex Nash
Subject: Re: kernel permissions
To: robert+freebsd@cyrus.watson.org
cc: regnauld@deepo.prosa.dk, freebsd-security@FreeBSD.ORG

On 18 Apr, Robert Watson wrote:
> On Fri, 17 Apr 1998, Philippe Regnauld wrote:
>
>> Suggestion: how difficult would it be to have ipfw(8) respect
>> the securelevel to, for example, refuse to flush / alter
>> the ipfw list ?
>>
>> i.e.: all mods have to be tested before the securelevel is raised,
>> and once it is, only rebooting into single user on the console
>> allows you to change the filters.

We've had this for about two years now.

> Having just browsed the kernel source a little, it looks like indeed this
> is currently implemented. The comment is a little obscure:
>
>     /* only allow get calls if secure mode > 2 */
>     if (securelevel > 2) {
>         if (m) (void)m_free(m);
>         return(EPERM);
>
> But what it actually means is, only allow non-get calls if securemode > 2.

Huh? It means what it says: only allow get calls if securelevel > 2.

Alex
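
A user-space model of the gate discussed in this thread, added here as an illustration; it is not FreeBSD kernel code or code from either poster. The names `fw_ctl`, `fw_op` and `set_securelevel` and the rule numbers are hypothetical, and it assumes securelevel can only be raised on a running system.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical user-space model; these names are not kernel symbols. */
enum fw_op { FW_GET, FW_ADD, FW_FLUSH };

static int rules[8], nrules;     /* constructed rule numbers */
static int securelevel = -1;

/* Assumption: the level can be raised but never lowered without a reboot. */
int set_securelevel(int level)
{
    if (level < securelevel)
        return EPERM;
    securelevel = level;
    return 0;
}

/* Returns 0 or an errno value. For FW_GET, *arg receives the rule count. */
int fw_ctl(enum fw_op op, int *arg)
{
    if (op == FW_GET) {          /* reads return before the gate */
        *arg = nrules;
        return 0;
    }
    if (securelevel > 2)         /* same test as the quoted snippet */
        return EPERM;            /* every rule-changing call stops here */
    switch (op) {
    case FW_ADD:
        if (nrules == (int)(sizeof rules / sizeof rules[0]))
            return ENOSPC;
        rules[nrules++] = *arg;
        return 0;
    case FW_FLUSH:
        nrules = 0;
        return 0;
    default:
        return EINVAL;
    }
}

int main(void)
{
    int n = 0, rule = 100;       /* constructed rule number */
    int add = fw_ctl(FW_ADD, &rule);
    set_securelevel(3);
    int flush = fw_ctl(FW_FLUSH, &n);
    int get = fw_ctl(FW_GET, &n);
    printf("add=%d flush=%d get=%d rules=%d\n", add, flush, get, n);
    return 0;
}
```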