From owner-freebsd-security  Tue Jul  2 02:14:30 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA14191
          for security-outgoing; Tue, 2 Jul 1996 02:14:30 -0700 (PDT)
Received: from sk2eu.eunet.sk (sk2eu.EUnet.sk [192.108.130.33])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA14169
          for <freebsd-security@freebsd.org>; Tue, 2 Jul 1996 02:14:15 -0700 (PDT)
Received: from softec.sk by sk2eu.eunet.sk with UUCP id AA09639
  Tue, 2 Jul 1996 11:14:02 +0200
Subject: securelevel and modload
To: freebsd-security@freebsd.org
Date: Tue, 2 Jul 1996 11:01:41 +0200 (CET)
From: Zoltan Basti <zbs@softec.softec.sk>
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:  <9607021101.aa20796@softec.softec.sk>
X-Charset: ASCII
X-Char-Esc: 29
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Hello there,

I think the FreeBSD kernel securelevel functionality together with
the schg and sappnd flags are a very good idea to make systems
more secure. I like the idea of unchangable securelevel,
unchangable flags etc. But I don't know whether this
all securelevel stuff can be eliminated by a 
loadable kernel module, which, say, changes the value of 
the variable securelevel. 

So what's the situation? 

Anyway, from a security point of view I would like to completely
disable loadable kernel modules. Is there a way to do it?

Thanks in advance,
-- 
Zoltan Basti