From owner-freebsd-security  Thu May 20 23:35:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from henry.cs.adfa.edu.au (henry.cs.adfa.edu.au [131.236.21.158])
	by hub.freebsd.org (Postfix) with ESMTP id 2AF3E15920
	for <security@freebsd.org>; Thu, 20 May 1999 23:35:12 -0700 (PDT)
	(envelope-from wkt@henry.cs.adfa.edu.au)
Received: (from wkt@localhost)
	by henry.cs.adfa.edu.au (8.9.2/8.9.1) id QAA10497
	for security@freebsd.org; Fri, 21 May 1999 16:35:11 +1000 (EST)
	(envelope-from wkt)
From: Warren Toomey <wkt@henry.cs.adfa.edu.au>
Message-Id: <199905210635.QAA10497@henry.cs.adfa.edu.au>
Subject: Lowering securelevel from console?
To: security@freebsd.org
Date: Fri, 21 May 1999 16:35:11 +1000 (EST)
Reply-To: wkt@cs.adfa.edu.au
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,
	I'm sure this has been discussed before, I've hit the list browse
web engine with no good results, so...

I think that being able to lower the securelevel as root from the console
would be a good idea, rather than having to go to single-user mode to make
changes as required.

I know the current code in kern_mib.c doesn't do this. I'm expecting
comments back saying that it's not a good idea, you're still net connected.
Assume I've ifconfig'd all interfaces down :-)

Now, are there any other reasons why lowering securelevel as root from
the console (and no net connectivity) would be a BAD thing?

Many thanks in advance for critical and informative replies!

	Warren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message