Date: Fri, 21 May 1999 20:16:37 -0600 From: Warner Losh <imp@harmony.village.org> To: wkt@cs.adfa.edu.au Cc: security@FreeBSD.ORG Subject: Re: Lowering securelevel from console? Message-ID: <199905220216.UAA00385@harmony.village.org> In-Reply-To: Your message of "Sat, 22 May 1999 11:19:25 %2B1000." <199905220119.LAA15588@henry.cs.adfa.edu.au> References: <199905220119.LAA15588@henry.cs.adfa.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199905220119.LAA15588@henry.cs.adfa.edu.au> Warren Toomey writes: : I think I understand the issue: if someone can break in as root, at the : present they cannot lower the securelevel without rebooting the system. That is the design goal. Modulo bugs in device drivers, that is the case. : I'd still like to have the ability to temporarily lower the securelevel : without having to suffer the delay of a reboot. Is this essentially : infeasible, or are there any ways of authenticating the `real' super-user? options DDB in your kernel. However, that assumes that physical posession of the console (or the ability to get to it if it is a serial console) is secure enough. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905220216.UAA00385>