From owner-freebsd-current  Sat Oct  5 20:41:16 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id UAA05591
          for current-outgoing; Sat, 5 Oct 1996 20:41:16 -0700 (PDT)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA05582
          for <current@freebsd.org>; Sat, 5 Oct 1996 20:41:10 -0700 (PDT)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.0/CET-v2.1) with SMTP id DAA05809 for <current@freebsd.org>; Sun, 6 Oct 1996 03:41:00 GMT
Date: Sun, 6 Oct 1996 12:41:00 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: current@freebsd.org
Subject: secure level diffs to kern_mib.c, LINT
In-Reply-To: <Pine.SV4.3.93.961005075253.29020A-100000@parkplace.cet.co.jp>
Message-ID: <Pine.SV4.3.93.961006123112.5756A-100000@parkplace.cet.co.jp>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

FreeBSD defaults securelevel to -1, use the following diffs if you prefer
normal bsd operations or want a choice.  Man init(8) for details.

systm.h also has securelevel related comments.  The note about securelevel
initialization in .bss is controversial, please draw your own conclusions.

Regards,


Mike Hancock


*** /sys/kern/kern_mib.c	Sun Sep 29 00:53:30 1996
--- kern_mib.c	Sun Oct  6 12:07:58 1996
***************
*** 112,118 ****
--- 112,122 ----
  SYSCTL_STRING(_kern, KERN_HOSTNAME, hostname, CTLFLAG_RW,
  	hostname, sizeof(hostname), "");
  
+ #ifdef SECURE_MODE
+ int securelevel;
+ #else
  int securelevel = -1;
+ #endif
  
  static int
  sysctl_kern_securelvl SYSCTL_HANDLER_ARGS


Documentation for SECURE_MODE in LINT...

*** /sys/i386/conf/LINT	Sun Oct  6 02:16:19 1996
--- LINT	Sun Oct  6 12:18:10 1996
***************
*** 54,59 ****
--- 54,64 ----
  options		EXTRAVNODES=1
  
  #
+ # For convenience FreeBSD initializes securelevel to -1.  You might
+ # prefer secure mode when in multi-user mode.  man init(8) for details.
+ options		SECURE_MODE
+ 
+ #
  # A math emulator is mandatory if you wish to run on hardware which
  # does not have a floating-point processor.  Pick either the original,
  # bogus (but freely-distributable) math emulator, or a much more