From owner-freebsd-security  Fri Oct  5 23: 9: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bogart.umail.ucsb.edu (bogart.umail.ucsb.edu [128.111.125.65])
	by hub.freebsd.org (Postfix) with ESMTP id DFD8C37B407
	for <freebsd-security@freebsd.org>; Fri,  5 Oct 2001 23:09:06 -0700 (PDT)
Received: from bergman.umail.ucsb.edu ([128.111.125.61])
	by bogart.umail.ucsb.edu with esmtp (Exim 3.16 #4)
	id 15pke2-0000UA-00
	for freebsd-security@freebsd.org; Fri, 05 Oct 2001 23:09:06 -0700
Date: Fri, 5 Oct 2001 23:09:06 -0700 (PDT)
From: David S Strait <basilisk@umail.ucsb.edu>
To: freebsd-security@freebsd.org
Subject: Kern Secure Level
Message-ID: <Pine.GSO.4.21.0110052303250.18017-100000@bergman.umail.ucsb.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


There is a little discussion about kern secure level in the 'man init'
page, but its somewhat brief.

On Kern level 1, I couldn't get X-windows to work so I wanted to lower
it.  (As it turned out later, this was the solution, and X-win worked.)

I'm running FreeBSD 4.4 REL and basically:
when kern_securelevel="0" in rc.conf, it just hops up to 1???????
But if you leave it: kern_securelevel="-1" or kern_securelevel="1", then
it will go to -1, 1 respectively.  Why on 0 does the level get bounced to
1?

Is there a *serious* security issue with kern levels -1 and 0?


Thanks.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message