From: roberto@redix.it
To: "tilo KREMER"
Cc: freebsd-security@freebsd.org
Date: Wed, 11 Feb 2004 15:28:25 +0100 (CET)
Subject: Re: Question about securelevel
Message-ID: <1275.192.168.0.77.1076509705.squirrel@mail.redix.it>
In-Reply-To: <402A3118.7070905@hfbk-hamburg.de>
References: <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <402A3118.7070905@hfbk-hamburg.de>

>
> you do not need to go single user to change it. just remove the
> securelevel lines from /etc/rc.conf and reboot.
>
> greetings,
> tilo
>

As said, the root filesystem is read-only and the command "mount -uw /" should be disabled when securelevel==3, in my ideal kernel.
Actually the command "mount -uw /" will succeed when securelevel==3, but supposing it should not be so difficult to change the FreeBSD kernel, this (securelevel + read-only filesystem) could address the weakness of securelevel + non-read-only filesystem.

Regards
Roberto