Date: Thu, 7 Sep 2000 23:59:52 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: "Zach N. Heilig" <zach@uffdaonline.net>
Cc: freebsd-current@FreeBSD.ORG, Vivek Khera <khera@kcilink.com>
Subject: Re: call for testers: init securelevel patch
Message-ID: <Pine.BSF.4.21.0009072354040.279-100000@bagabeedaboo.security.at12.de>
In-Reply-To: <20000907152923.A57609@murkwood.znh.org>

On Thu, 7 Sep 2000, Zach N. Heilig wrote:

> On Thu, Sep 07, 2000 at 06:33:20PM +0200, Paul Herman wrote:
>
> > Here is a patch which will allow init(8) (or rather, any process with
> > PID 1) to lower the securelevel to 0 when going into single-user
> > maintenance mode. This has no effect if securelevel is -1.
>
> This was the behavior a while back. It was removed on purpose. (because
> an attacker could attach to PID 1 with a debugger and cause it to lower
> secure level without going to single user mode.)

You can't trace PID 1 when securelevel > 0.

/src/sys/kern/subr_process.c

So I think it's still safe...

-Paul.