Date: Mon, 4 Sep 2000 19:49:22 +0400 (MSD) From: "Aleksandr A.Babaylov" <babolo@links.ru> To: sheldonh@uunet.co.za Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: bin/20974: securelevel not reset when going to single user mode Message-ID: <200009041549.TAA09211@aaz.links.ru> In-Reply-To: <200009041150.EAA18480@freefall.freebsd.org> from "Sheldon Hearn" at "Sep 4, 0 04:50:03 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Sheldon Hearn writes: > The following reply was made to PR bin/20974; it has been noted by GNATS. > > From: Sheldon Hearn <sheldonh@uunet.co.za> > To: Vivek Khera <khera@kcilink.com> > Cc: freebsd-gnats-submit@freebsd.org > Subject: Re: bin/20974: securelevel not reset when going to single user mode > Date: Mon, 04 Sep 2000 13:39:46 +0200 > > On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote: > > > It sure is hard to do system maintenance unless the secure level drops > > back to 0 in single user mode. BSD/OS does this, and it makes sense > > to do so, I think. > > The CVS logs for init.c revealed something interesting: > > | revision 1.36 > | date: 1999/09/06 08:41:32; author: kato; state: Exp; lines: +1 -7 > | FreeBSD kernel doesn't allow any process to decrease securelevel. So, > | init(8) cannot decrease securelevel. The manual page explains this > | and single_user() doesn't try to downgrade kernel to insecure mode. > | > | Reviewed by: bde (manual page) > > As I said before, I don't think that the manual page describes the > reality of the sitation. > > So now the issue is whether we want to allow the same behaviour as > BSD/OS exhibits, and if so, how to teach the kernel to allow the > dropping of the securelevel. I propose change via options in config file, because current state is very useful > Ciao, > Sheldon. -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009041549.TAA09211>