Date: Thu, 14 Sep 2000 06:54:55 +0200 (CEST)
From: Leif Neland <leifn@neland.dk>
To: Paul Herman <pherman@frenchfries.net>
Cc: Vivek Khera <khera@kciLink.com>, freebsd-current@FreeBSD.ORG
Subject: Re: call for testers: init securelevel patch
Message-ID: <Pine.BSF.4.21.0009140652020.32667-100000@arnold.neland.dk>
In-Reply-To: <Pine.BSF.4.21.0009081717590.315-100000@bagabeedaboo.security.at12.de>

On Fri, 8 Sep 2000, Paul Herman wrote:

> On Fri, 8 Sep 2000, Vivek Khera wrote:
>
> > >>>>> "BE" == Bruce Evans <bde@zeta.org.au> writes:
> >
> > BE> revision 1.9
> > BE> date: 1997/06/25 07:31:47; author: joerg; state: Exp; lines: +2 -2
> > BE> Don't ever allow lowering the securelevel at all. Allowing it does
> > BE> nothing good except of opening a can of (potential or real) security
> > BE> holes. People maintaining a machine with higher security requirements
> > BE> need to be on the console anyway, so there's no point in not forcing
> > BE> them to reboot before starting maintenance.
> >
> > Perhaps one of the secure level restrictions should be that you cannot
> > attach to pid 1 via the debugger.
>
> You can't.
>
> Ever since Apr 1997 you couldn't attach gdb to init.
>

How is that done?
Will gdb not attach to init, or will init not let gdb attach?
If the former, then badguy can just use a custom gdb...

Leif