Date: Sat, 22 May 1999 15:59:05 +0200 From: Tim Priebe <tim@iafrica.com.na> To: wkt@cs.adfa.edu.au Cc: security@freebsd.org Subject: Re: Lowering securelevel from console? Message-ID: <3746B829.E60@iafrica.com.na> References: <199905210635.QAA10497@henry.cs.adfa.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Warren Toomey wrote: > > Hi all, > I'm sure this has been discussed before, I've hit the list browse > web engine with no good results, so... > > I think that being able to lower the securelevel as root from the console > would be a good idea, rather than having to go to single-user mode to make > changes as required. > > I know the current code in kern_mib.c doesn't do this. I'm expecting > comments back saying that it's not a good idea, you're still net connected. > Assume I've ifconfig'd all interfaces down :-) > > Now, are there any other reasons why lowering securelevel as root from > the console (and no net connectivity) would be a BAD thing? If the system is multi-user with terminals or modems attached, you have just removed the security, with the possibility of having users connected. Further, if someone knows you lower your secure level without changing to single user mode, they could set a program running that waits for the secure level to change, and then does its damage. For the systems I run in secure mode, I want to know that it only comes out of secure mode, when switched to single user mode. Tim. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3746B829.E60>