Date: Fri, 21 May 1999 00:16:47 -0700 (PDT) From: dima@best.net (Dima Ruban) To: wkt@cs.adfa.edu.au Cc: security@FreeBSD.ORG Subject: Re: Lowering securelevel from console? Message-ID: <199905210716.AAA20092@burka.rdy.com> In-Reply-To: <199905210635.QAA10497@henry.cs.adfa.edu.au> from Warren Toomey at "May 21, 1999 04:35:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Warren Toomey writes: > Hi all, > I'm sure this has been discussed before, I've hit the list browse > web engine with no good results, so... > > I think that being able to lower the securelevel as root from the console > would be a good idea, rather than having to go to single-user mode to make > changes as required. > > I know the current code in kern_mib.c doesn't do this. I'm expecting > comments back saying that it's not a good idea, you're still net connected. > Assume I've ifconfig'd all interfaces down :-) > > Now, are there any other reasons why lowering securelevel as root from > the console (and no net connectivity) would be a BAD thing? > > Many thanks in advance for critical and informative replies! Use DDB. Something like this should work: db> w securelevel 0xffffffff db> cont Enabling securelevel changes from the console w/o breaking into the debugger is potentially dangerous. > > Warren > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905210716.AAA20092>