Date: Mon, 3 Mar 1997 00:30:36 -0500 (EST) From: mab@sjca.edu To: FreeBSD-gnats-submit@freebsd.org Subject: docs/2850: init(8) man page does not document securelevel properly Message-ID: <199703030530.AAA13107@continuity.sjca.edu> Resent-Message-ID: <199703030530.VAA00512@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 2850 >Category: docs >Synopsis: init(8) man page does not document securelevel properly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 2 21:30:01 PST 1997 >Last-Modified: >Originator: Matt Braithwaite >Organization: Matt Braithwaite #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL http:// $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa www.sjca.edu/ 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print ph/m-braithwaite pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2) >Release: FreeBSD 2.1-STABLE i386 >Environment: true for -stable up to 2.1.7-RELEASE >Description: There are a couple problems with the documentation of kernel security levels: 1) The init(8) manual page states that the kernel boots at securelevel 0. This isn't true; by default it is set to -1. 2) The interface to changing the security level (editing /usr/src/sys/kern/kern_sysctl.h or something like that) is not documented. Also, the interface stinks, but this is supposed to be a doc bug. :-) 3) The manual page ought to warn that configuring a kernel to boot at securelevel 1 or 2 can cause autobooting to fail, because the kernel will not be able to do fsck on dirty filesystems. I speak from experience on this one. 4) Saying that securelevel can be raised to 2 in /etc/rc is a little vague. It ought to state at exactly what point in booting securelevel can be raised---like, say, right at the end. If you did it before the filesystem checks, things would be bad. That would be clueless of course, but... Really, there should be an /etc/sysconfig interface to securelevel; this would un-obfuscate things considerably. >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703030530.AAA13107>