From owner-freebsd-current  Fri Sep  8  6:56:10 2000
Delivered-To: freebsd-current@freebsd.org
Received: from kci.kciLink.com (kci.kciLink.com [204.117.82.1])
	by hub.freebsd.org (Postfix) with ESMTP id 8300A37B423
	for <freebsd-current@FreeBSD.ORG>; Fri,  8 Sep 2000 06:56:08 -0700 (PDT)
Received: from onceler.kciLink.com (onceler.kciLink.com [204.117.82.2])
	by kci.kciLink.com (Postfix) with ESMTP id 90A57E881
	for <freebsd-current@FreeBSD.ORG>; Fri,  8 Sep 2000 09:56:07 -0400 (EDT)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.0/8.11.0) id e88Du7K85400;
	Fri, 8 Sep 2000 09:56:07 -0400 (EDT)
	(envelope-from khera)
From: Vivek Khera <khera@kciLink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14776.61431.463710.288320@onceler.kciLink.com>
Date: Fri, 8 Sep 2000 09:56:07 -0400 (EDT)
To: freebsd-current@FreeBSD.ORG
Subject: Re: call for testers: init securelevel patch
In-Reply-To: <Pine.BSF.4.21.0009080855361.30227-100000@besplex.bde.org>
References: <20000907152923.A57609@murkwood.znh.org>
	<Pine.BSF.4.21.0009080855361.30227-100000@besplex.bde.org>
X-Mailer: VM 6.72 under 21.1 (patch 11) "Carlsbad Caverns" XEmacs Lucid
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "BE" == Bruce Evans <bde@zeta.org.au> writes:

BE> revision 1.9
BE> date: 1997/06/25 07:31:47;  author: joerg;  state: Exp;  lines: +2 -2
BE> Don't ever allow lowering the securelevel at all.  Allowing it does
BE> nothing good except of opening a can of (potential or real) security
BE> holes.  People maintaining a machine with higher security requirements
BE> need to be on the console anyway, so there's no point in not forcing
BE> them to reboot before starting maintenance.

That last sentence makes me think that the person who decided this
does not use a network to update that machine, ie NFS mounting
/usr/src.  It is a royal PITA to get networking up and going after a
single-user reboot to get out of secure level.

Perhaps one of the secure level restrictions should be that you cannot
attach to pid 1 via the debugger.

Does the kernel have an idea of single user mode or is that purely a
user space thing?  Perhaps the kernel could drop the restrictions when
in single user mode itself.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-301-545-6996
GPG & MIME spoken here            http://www.khera.org/~vivek/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message