Date: Tue, 29 Dec 1998 00:33:15 +0100 (MET) From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-current@FreeBSD.ORG Cc: "Eugene M. Kim" <astralblue@usa.net> Subject: Re: Setting securelevel Message-ID: <199812282333.AAA24203@uriah.heep.sax.de> References: <Pine.BSF.4.05.9812281327550.93799-100000@seerajeane.ia.cp>
next in thread | previous in thread | raw e-mail | index | archive | help
"Eugene M. Kim" <astralblue@usa.net> wrote: > This, in consequence, prohibits the kernel from returning to the > insecure mode even in the single-user mode. Intentionally. There was at least one CERT advisory by that time that turned out to abuse this security hole (something like abusing a buffer overflow in init(8) in a way so securelevel could be lowered while the system is running -- something that should _never_ happen). We finally decided that a securelevel is simply and only secure if it cannot be lowered again. If i'm not totally mistaken, i've been the one who did the deed... yep: revision 1.9 date: 1997/06/25 07:31:47; author: joerg; state: Exp; lines: +2 -2 Don't ever allow lowering the securelevel at all. Allowing it does nothing good except of opening a can of (potential or real) security holes. People maintaining a machine with higher security requirements need to be on the console anyway, so there's no point in not forcing them to reboot before starting maintenance. Agreed by: hackers, guido So it doesn't always require a Dane to do a bloody deed. ;-) Well, the only thing you lose by this change is your uptime record. You trade it for security. In case you are ready to go down to single-user, you already need access to the console anyway, so you can reboot first as well. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812282333.AAA24203>