From owner-freebsd-security Sun Sep 9 7:32: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from trillian.nitro.dk (213.237.101.114.adsl.kh.worldonline.dk [213.237.101.114]) by hub.freebsd.org (Postfix) with SMTP id 3F53037B407 for ; Sun, 9 Sep 2001 07:31:57 -0700 (PDT) Received: (qmail 546 invoked from network); 9 Sep 2001 14:31:55 -0000 Received: from bofh.bofh (192.168.1.3) by 0 with SMTP; 9 Sep 2001 14:31:55 -0000 Date: Sun, 9 Sep 2001 16:31:55 +0200 (CEST) From: Simon Nielsen X-X-Sender: To: Gabriel Ambuehl Cc: Subject: Re[3]: Kernel-loadable Root Kits In-Reply-To: <1521196904667.20010909161124@buz.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 9 Sep 2001, Gabriel Ambuehl wrote: > >> Would you care to point out how I could lower the securelevel then > >> for legitimate use (i.e. updates or changes to /etc) of the system > >> by the administrators? > > Reboot.. and if you set the securelevel automaticly on boot (e.g. > > in rc.conf) you must start in single user mode after the reboot. > Yeah I know that this would be a way to do it but it's rather hard to > do with colocated servers... Thats right, but i'm rather sure rebooting is the only way to lower the securelevel (anyone please correct me if i'm wrong). From init(8) : The kernel runs with four different levels of security. Any super-user process can raise the security level, but no process can lower it. [CUT] Simon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message