From owner-freebsd-bugs Mon Sep 4 8:49:34 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from aaz.links.ru (aaz.links.ru [193.125.152.37])
    by hub.freebsd.org (Postfix) with ESMTP id D222B37B423
    for ; Mon, 4 Sep 2000 08:49:31 -0700 (PDT)
Received: (from babolo@localhost)
    by aaz.links.ru (8.9.3/8.9.3) id TAA09211;
    Mon, 4 Sep 2000 19:49:22 +0400 (MSD)
Message-Id: <200009041549.TAA09211@aaz.links.ru>
Subject: Re: bin/20974: securelevel not reset when going to single user mode
In-Reply-To: <200009041150.EAA18480@freefall.freebsd.org> from "Sheldon Hearn" at "Sep 4, 0 04:50:03 am"
To: sheldonh@uunet.co.za
Date: Mon, 4 Sep 2000 19:49:22 +0400 (MSD)
Cc: freebsd-bugs@FreeBSD.ORG
From: "Aleksandr A.Babaylov"
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sheldon Hearn writes:
> The following reply was made to PR bin/20974; it has been noted by GNATS.
>
> From: Sheldon Hearn
> To: Vivek Khera
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: bin/20974: securelevel not reset when going to single user mode
> Date: Mon, 04 Sep 2000 13:39:46 +0200
>
> On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote:
>
> > It sure is hard to do system maintenance unless the secure level drops
> > back to 0 in single user mode. BSD/OS does this, and it makes sense
> > to do so, I think.
>
> The CVS logs for init.c revealed something interesting:
>
> | revision 1.36
> | date: 1999/09/06 08:41:32; author: kato; state: Exp; lines: +1 -7
> | FreeBSD kernel doesn't allow any process to decrease securelevel. So,
> | init(8) cannot decrease securelevel. The manual page explains this
> | and single_user() doesn't try to downgrade kernel to insecure mode.
> |
> | Reviewed by: bde (manual page)
>
> As I said before, I don't think that the manual page describes the
> reality of the situation.
>
> So now the issue is whether we want to allow the same behaviour as
> BSD/OS exhibits, and if so, how to teach the kernel to allow the
> dropping of the securelevel.

I propose a change via options in the config file, because the current state is very useful.

> Ciao,
> Sheldon.

--
@BABOLO http://links.ru/