From owner-freebsd-current Mon Dec 28 13:41:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA25945 for freebsd-current-outgoing; Mon, 28 Dec 1998 13:41:06 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from seerajeane.ia.cp (redion.nttmcl.com [216.69.69.40]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA25931 for ; Mon, 28 Dec 1998 13:41:04 -0800 (PST) (envelope-from gene@nttmcl.com) Received: from localhost (gene@localhost) by seerajeane.ia.cp (8.9.1/8.9.1) with ESMTP id NAA06293 for ; Mon, 28 Dec 1998 13:39:30 -0800 (PST) (envelope-from gene@nttmcl.com) X-Authentication-Warning: seerajeane.ia.cp: gene owned process doing -bs Date: Mon, 28 Dec 1998 13:39:28 -0800 (PST) From: "Eugene M. Kim" X-Sender: gene@seerajeane.ia.cp To: FreeBSD-current Mailing List Subject: Setting securelevel Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, In init(8) it is said that init can lower the security level, and src/sbin/init/init.c has the code to lower the security level back to zero in single-user mode. However, it doesn't seem that the kernel allows the security level to be lowered even if init requests it. (See (rev 1.16 of) src/sys/kern/kern_mib.c around line 130 -- the caller's pid isn't checked.) This, in consequence, prohibits the kernel from returning to the insecure mode even in the single-user mode. Is this a known problem, or did I miss something? I tried searching through the PR database but couldn't find any relevant records. Thank you, Eugene To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message