From owner-freebsd-bugs  Mon Sep  4  9: 0: 9 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6F8AF37B42C
	for <freebsd-bugs@FreeBSD.org>; Mon,  4 Sep 2000 09:00:03 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id JAA20152;
	Mon, 4 Sep 2000 09:00:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Mon, 4 Sep 2000 09:00:03 -0700 (PDT)
Message-Id: <200009041600.JAA20152@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Aleksandr A.Babaylov" <babolo@links.ru>
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Reply-To: "Aleksandr A.Babaylov" <babolo@links.ru>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/20974; it has been noted by GNATS.

From: "Aleksandr A.Babaylov" <babolo@links.ru>
To: sheldonh@uunet.co.za
Cc: freebsd-bugs@freebsd.org
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Date: Mon, 4 Sep 2000 19:49:22 +0400 (MSD)

 Sheldon Hearn writes:
 > The following reply was made to PR bin/20974; it has been noted by GNATS.
 > 
 > From: Sheldon Hearn <sheldonh@uunet.co.za>
 > To: Vivek Khera <khera@kcilink.com>
 > Cc: freebsd-gnats-submit@freebsd.org
 > Subject: Re: bin/20974: securelevel not reset when going to single user mode 
 > Date: Mon, 04 Sep 2000 13:39:46 +0200
 > 
 >  On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote:
 >  
 >  >  It sure is hard to do system maintenance unless the secure level drops
 >  >  back to 0 in single user mode.  BSD/OS does this, and it makes sense
 >  >  to do so, I think.
 >  
 >  The CVS logs for init.c revealed something interesting:
 >  
 >  | revision 1.36
 >  | date: 1999/09/06 08:41:32;  author: kato;  state: Exp;  lines: +1 -7
 >  | FreeBSD kernel doesn't allow any process to decrease securelevel. So,
 >  | init(8) cannot decrease securelevel.  The manual page explains this
 >  | and single_user() doesn't try to downgrade kernel to insecure mode.
 >  | 
 >  | Reviewed by:	bde (manual page)
 >  
 >  As I said before, I don't think that the manual page describes the
 >  reality of the sitation.
 >  
 >  So now the issue is whether we want to allow the same behaviour as
 >  BSD/OS exhibits, and if so, how to teach the kernel to allow the
 >  dropping of the securelevel.
 
 I propose change via options in config file,
 because current state is very useful
 
 >  Ciao,
 >  Sheldon.
 
 -- 
 @BABOLO      http://links.ru/
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message