From owner-freebsd-security Mon Oct 18 1:31: 9 1999 Delivered-To: freebsd-security@freebsd.org Received: from fever.semiotek.com (H253.C225.tor.velocet.net [216.126.82.253]) by hub.freebsd.org (Postfix) with ESMTP id 8B0AE14DDC for ; Mon, 18 Oct 1999 01:31:07 -0700 (PDT) (envelope-from jread@fever.semiotek.com) Received: (from jread@localhost) by fever.semiotek.com (8.9.3/8.9.3) id EAA01852; Mon, 18 Oct 1999 04:30:39 -0400 (EDT) (envelope-from jread) Date: Mon, 18 Oct 1999 04:30:39 -0400 From: Justin Wells To: Dag-Erling Smorgrav Cc: Justin Wells , Doug , Antoine Beaupre , Mike Nowlin , "Rashid N. Achilov" , freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X Message-ID: <19991018043039.B1711@semiotek.com> References: <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 18, 1999 at 09:55:32AM +0200, Dag-Erling Smorgrav wrote: > Justin Wells writes: > > 1) securelevel does not stop root from remounting / read-write, > > since mount is specifically excepted (I tried it too, I was > > able to do a "mount -u -o rw /" at securelevel 3 as root) > > Well, then, fix mount(8) so it won't run at high securelevels. You > know where to find the source code. It's mount(2) that has to be fixed. I suppose I could go and look at it, but I'm not confident that I understand all the different implications of the securelevel stuff at that level. Justin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message