From owner-freebsd-current  Sun Oct  6 06:51:05 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id GAA16694
          for current-outgoing; Sun, 6 Oct 1996 06:51:05 -0700 (PDT)
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id GAA16689
          for <freebsd-current@FreeBSD.org>; Sun, 6 Oct 1996 06:51:02 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id PAA15080 for <freebsd-current@FreeBSD.org>; Sun, 6 Oct 1996 15:51:01 +0200
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id PAA12099 for freebsd-current@FreeBSD.org; Sun, 6 Oct 1996 15:51:00 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id PAA07635 for freebsd-current@FreeBSD.org; Sun, 6 Oct 1996 15:44:22 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199610061344.PAA07635@uriah.heep.sax.de>
Subject: Re: secure level diffs to kern_mib.c, LINT
To: freebsd-current@FreeBSD.org (FreeBSD-current users)
Date: Sun, 6 Oct 1996 15:44:22 +0200 (MET DST)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <Pine.SV4.3.93.961006123112.5756A-100000@parkplace.cet.co.jp> from Michael Hancock at "Oct 6, 96 12:41:00 pm"
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E 
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

As Michael Hancock wrote:

> FreeBSD defaults securelevel to -1, use the following diffs if you prefer
> normal bsd operations or want a choice.  Man init(8) for details.

> + #ifdef SECURE_MODE
> + int securelevel;
> + #else
>   int securelevel = -1;
> + #endif

The question is not to make this simple modification to the sources.
However, it has been argued that all the other 4.4BSD descendants use
option `INSECURE' for this, so even though the name is somewhat
misleading, we should perhaps better pick up this one instead.

We still need a backdoor for the X server in order to be able to
default to `secure' mode, at least for workstations.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)