Date: Thu, 7 Sep 2000 15:29:23 -0500 From: "Zach N. Heilig" <zach@uffdaonline.net> To: Paul Herman <pherman@frenchfries.net> Cc: freebsd-current@freebsd.org, Vivek Khera <khera@kcilink.com> Subject: Re: call for testers: init securelevel patch Message-ID: <20000907152923.A57609@murkwood.znh.org> In-Reply-To: <27A0189D7DCC8869C6B714D2@mail.uffdaonline.net>; from pherman@frenchfries.net on Thu, Sep 07, 2000 at 06:33:20PM %2B0200 References: <27A0189D7DCC8869C6B714D2@mail.uffdaonline.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 07, 2000 at 06:33:20PM +0200, Paul Herman wrote: > Here is a patch which will allow init(8) (or rather, any process with > PID 1) to lower the securelevel to 0 when going into single-user > maintenence mode. This has no effect if securelevel is -1. > > Feedback welcome -- there may be security implications I'm not aware > of. If this is well recieved, I will tack it onto bin/20974 for > further review and commit into -CURRENT. This was the behavior a while back. It was removed on purpose. (because an attacker could attach to PID 1 with a debugger and cause it to lower secure level without going to single user mode.) -- Zach Heilig <zach@uffdaonline.net> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000907152923.A57609>