From: Thomas Hurst
To: G?t Andr?s
Cc: noc@intellicom.hu, freebsd-stable@freebsd.org
Date: Fri, 11 May 2007 12:11:36 +0100
Subject: Re: freebsd and securelevel question
Message-ID: <20070511111136.GA38295@voi.aagh.net>
In-Reply-To: <54364.195.70.43.76.1178880987.squirrel@duloc.webmedia.hu>

* G?t Andr?s (andrej@antiszoc.hu) wrote:
> So. The simple question is: Why FreeBSD has securelevel 0 if init sets
> it to 1, if it sees at boot that the level is 0?

:) So when you boot to single user mode you can turn off immutable/append
only flags etc, without letting those capabilities propagate into
multiuser mode?

> We'd like to use our machines with securelevel 0 by default, so I had
> comment out the relevant two lines from init.c.

init(8):

     -1    Permanently insecure mode - always run the system in level 0
           mode.  This is the default initial value.

--
Thomas 'Freaky' Hurst
    http://hur.st/