From owner-freebsd-current Fri Oct 4 16:23:40 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA01175 for current-outgoing; Fri, 4 Oct 1996 16:23:40 -0700 (PDT)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA01164 for ; Fri, 4 Oct 1996 16:23:36 -0700 (PDT)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.0/CET-v2.1) with SMTP id XAA29208; Fri, 4 Oct 1996 23:23:14 GMT
Date: Sat, 5 Oct 1996 08:23:14 +0900 (JST)
From: Michael Hancock
Reply-To: Michael Hancock
To: Garrett Wollman
cc: current@freebsd.org
Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-()
In-Reply-To: <9610041429.AA18858@halloran-eldar.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 4 Oct 1996, Garrett Wollman wrote:

> < said:
>
> >> sysctl -w kern.securelevel=0 #in /etc/rc.local
>
> > How many daemons are running by the time you get to this line?
>
> > This isn't satisfactory, I don't want the -1 to 0 window full stop.
>
> THERE IS NO OPERATIONAL DIFFERENCE BETWEEN -1 AND 0.  Period.

There's a difference when you initialize it and this is different from
securelevel operational mode when in multi-user mode.

> The ONLY difference is in what /sbin/init does AFTER /etc/rc is finished
> executing.  This is all documented in the init(8) man page; there is
> no excuse for you not reading it.

The man pages don't tell me anything about when this happens.

>     -1    Permanently insecure mode - always run system in level 0 mode.
>
>     0     Insecure mode - immutable and append-only flags may be turned off.
>           All devices may be read or written subject to their permissions.

Added part you deleted.

      1     Secure mode - immutable and append-only flags may not be changed;
            disks for mounted filesystems, /dev/mem, and /dev/kmem are
            read-only.

      2     Highly secure mode - same as secure mode, plus disks are always
            read-only whether mounted or not.  This level precludes tampering
            with filesystems by unmounting them, but also inhibits running
            newfs(8) while the system is multi-user.

I initialize securelevel to 0 if I want securelevel 1 as the operational
mode for multi-user.

>
>     Normally, the system runs in level 0 mode while single user and in level
>     1 mode while multiuser.  If the level 2 mode is desired while running
>     multiuser, it can be set in the startup script /etc/rc using sysctl(8).

Normally, but not FreeBSD.  It does this ...

      If it is desired to run the system in level 0 mode while multiuser,
      the administrator must build a kernel with the variable securelevel
      defined in the file /sys/compile/MACHINE/param.c and initialize it
      to -1.

Originally, 4.4BSD just didn't initialize securelevel, so it went into
.bss and was zfod'ed by the system.  FreeBSD hardcodes it to permanently
insecure.

Regards,

Mike
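
Added example, not part of the original message and not FreeBSD source: a small C model of the securelevel behaviour argued over in this thread, showing that -1 and 0 enforce the same rules while /etc/rc runs but end at different multi-user levels once init takes over. All function names and RC_NO_REQUEST are hypothetical, and the raise-only rule in rc_sysctl_set is an assumption about how the kernel treats a non-init caller.

```c
#include <stdio.h>

/* Operations the quoted init(8) text ties to the security level. */
enum op { OP_CHANGE_FLAGS, OP_WRITE_MOUNTED_DISK, OP_WRITE_UNMOUNTED_DISK };

#define RC_NO_REQUEST (-2)  /* hypothetical marker: rc scripts never call sysctl */

/* -1 means "always run system in level 0 mode", so it enforces like 0. */
static int effective_level(int securelevel) {
    return securelevel < 0 ? 0 : securelevel;
}

/* Returns 1 if the operation is permitted at this securelevel, else 0. */
int op_allowed(int securelevel, enum op o) {
    int lvl = effective_level(securelevel);
    if (o == OP_WRITE_UNMOUNTED_DISK)
        return lvl < 2;   /* only level 2 makes unmounted disks read-only */
    return lvl < 1;       /* flags and mounted disks lock at level 1 */
}

/* "sysctl -w kern.securelevel=N" from an rc script.
 * Assumption: a process other than init can raise the level but not lower it. */
int rc_sysctl_set(int current, int requested) {
    return requested > current ? requested : current;
}

/* init once /etc/rc has finished: level 0 becomes 1, anything else is kept. */
int init_after_rc(int securelevel) {
    return securelevel == 0 ? 1 : securelevel;
}

/* Level the system ends up at in multi-user mode. */
int multiuser_level(int boot_level, int rc_request) {
    int lvl = boot_level;
    if (rc_request != RC_NO_REQUEST)
        lvl = rc_sysctl_set(lvl, rc_request);
    return init_after_rc(lvl);
}

int main(void) {
    printf("boot -1, no sysctl     -> %d\n", multiuser_level(-1, RC_NO_REQUEST));
    printf("boot -1, rc sets 0     -> %d\n", multiuser_level(-1, 0));
    printf("boot  0, no sysctl     -> %d\n", multiuser_level(0, RC_NO_REQUEST));
    printf("chflags at -1 / 0 / 1  -> %d / %d / %d\n",
           op_allowed(-1, OP_CHANGE_FLAGS), op_allowed(0, OP_CHANGE_FLAGS),
           op_allowed(1, OP_CHANGE_FLAGS));
    return 0;
}
```

In this model the rc.local line from the thread only changes the outcome on a kernel booted at -1, and everything started before that line runs with level 0 rules either way.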