From owner-freebsd-security  Mon Jul 28 19:53:41 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id TAA28666
          for security-outgoing; Mon, 28 Jul 1997 19:53:41 -0700 (PDT)
Received: from thought.res.cmu.edu (THOUGHT.RES.CMU.EDU [128.2.94.7])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA28651
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 19:53:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thought.res.cmu.edu (8.8.5/8.6.12) with SMTP id WAA27482; Mon, 28 Jul 1997 22:52:38 -0400 (EDT)
Date: Mon, 28 Jul 1997 22:52:37 -0400 (EDT)
From: Brian Buchanan <brian@thought.res.cmu.edu>
To: Vincent Poy <vince@mail.MCESTATE.COM>
cc: security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To: <Pine.BSF.3.95.970728190107.3844c-100000@mail.MCESTATE.COM>
Message-ID: <Pine.BSF.3.96.970728224743.26892J-100000@thought.res.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 28 Jul 1997, Vincent Poy wrote:

> =)> 	I know but when all the admins are remote, it has to be done
> =)> multiuser.  Is there a way to push the secure level up to 2 and then push
> =)> it down when a make world is needed?
> =)
> =)It wouldn't be very secure then would it.
> 
> 	You're right about that one.  But wouldn't it still be possible to
> kill the init process?

That'll either take the system into single-user mode, cause it to reboot,
or cause it to halt.  I forget which.  No matter which of those happens,
it won't put the system back into multi-user with a lower securelevel,
assuming you have the kernel go secure at startup (which you should if you
intend to use securelevel).