From owner-freebsd-security Fri May 21 0:16:57 1999 Delivered-To: freebsd-security@freebsd.org Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (Postfix) with ESMTP id E13B01586F for ; Fri, 21 May 1999 00:16:55 -0700 (PDT) (envelope-from dima@burka.rdy.com) Received: (from dima@localhost) by burka.rdy.com (8.9.3/RDY&DVV) id AAA20092; Fri, 21 May 1999 00:16:47 -0700 (PDT) Message-Id: <199905210716.AAA20092@burka.rdy.com> Subject: Re: Lowering securelevel from console? In-Reply-To: <199905210635.QAA10497@henry.cs.adfa.edu.au> from Warren Toomey at "May 21, 1999 04:35:11 pm" To: wkt@cs.adfa.edu.au Date: Fri, 21 May 1999 00:16:47 -0700 (PDT) Cc: security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warren Toomey writes: > Hi all, > I'm sure this has been discussed before, I've hit the list browse > web engine with no good results, so... > > I think that being able to lower the securelevel as root from the console > would be a good idea, rather than having to go to single-user mode to make > changes as required. > > I know the current code in kern_mib.c doesn't do this. I'm expecting > comments back saying that it's not a good idea, you're still net connected. > Assume I've ifconfig'd all interfaces down :-) > > Now, are there any other reasons why lowering securelevel as root from > the console (and no net connectivity) would be a BAD thing? > > Many thanks in advance for critical and informative replies! Use DDB. Something like this should work: db> w securelevel 0xffffffff db> cont Enabling securelevel changes from the console w/o breaking into the debugger is potentially dangerous. > > Warren > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message