Date: Mon, 10 Jun 1996 15:02:17 +1000
From: Bruce Evans <bde@zeta.org.au>
To: bde@zeta.org.au, taob@io.org, wollman@lcs.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Effects of kern.securelevel >= 0
Message-ID: <199606100502.PAA30985@godzilla.zeta.org.au>

>>> According to /sys/sys/systm.h, single user mode should be
>>> associated with kern.securelevel=0 and multiuser mode with
>>> kern.securelevel=1. Should the default /etc/rc have the appropriate
>>> sysctl call?

>>No. It is automatically increased by init if it starts out as >=0.
>>Like the comment in the file says, you should delete the initializer
>>in the source file if you want to enable security features.

I wrote:

>Which comment in which file? You can set it in kern_mib.c but there is
>no comment there. Wouldn't setting it to 0 in /etc/rc work the same?

The file is /sys/sys/systm.h. Duh. It actually says to change the
initializer to _disable_ security features. It then says something bogus
about not using explicit initialization to 0 since then the value would
be in the kernel data instead of the bss and crhackers would be able to
patch it. Patching is best prevented by making the whole file immutable.

Bruce