Date: Mon, 6 Sep 1999 08:39:54 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel Message-ID: <199909061539.IAA74893@apollo.backplane.com> References: <199909060513.PAA12402@godzilla.zeta.org.au> <19990906142342F.kato@gneiss.eps.nagoya-u.ac.jp> <xzp1zcco10z.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
:
:KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> writes:
:> The kernel runs with four different levels of security.
:> ! Any super-user process can raise the security level, but no process
:> can lower it.
:
:How about "The security level can only be raised by the super-user,
:and cannot be lowered by anyone." instead?
:
:DES
:--
:Dag-Erling Smorgrav - des@flood.ping.uio.no
Though, as a side note, it should be noted that if you have DDB
enabled then lowering the secure level is pretty easy to do. If you
have access to the console, of course. We used this trick at BEST
a couple of times. Still, I think this might qualify as a bug in
the securelevel implementation.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909061539.IAA74893>