From owner-freebsd-hackers  Thu Aug  8 18:21:24 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id SAA29285
          for hackers-outgoing; Thu, 8 Aug 1996 18:21:24 -0700 (PDT)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id SAA29270
          for <freebsd-hackers@freebsd.org>; Thu, 8 Aug 1996 18:21:19 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id DAA16693; Fri, 9 Aug 1996 03:20:53 +0200
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id DAA13083; Fri, 9 Aug 1996 03:20:51 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id WAA02263; Thu, 8 Aug 1996 22:38:24 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199608082038.WAA02263@uriah.heep.sax.de>
Subject: Re: Q:Meanings of kern.securelevel values
To: freebsd-hackers@freebsd.org (FreeBSD hackers)
Date: Thu, 8 Aug 1996 22:38:23 +0200 (MET DST)
Cc: thorpej@nas.nasa.gov
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199608081619.JAA20847@lestat.nas.nasa.gov> from Jason Thorpe at "Aug 8, 96 09:19:22 am"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E 
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

As Jason Thorpe wrote:

(insecure and disklabels)

> Anyhow, there's an example of another thing that the INSECURE option is 
> convenient for under NetBSD.  It's not clear to me that it would apply to 
> FreeBSD at all, but you asked, so... :-)

This one was already clear to me.  I think it's even mentioned in the
man page.

Anyway, it's probably irrelevant for a ``backend server'' where you
usually don't label floppies etc., nor run an X11 server.  (FreeBSD
doesn't have the aperture driver backdoor either, so you can't run an
Xserver on a machine with a raised securelevel.)  But it looks that
secure mode seems realistic for server machines.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)