From owner-freebsd-current  Fri Sep 22 18:41:27 2000
Delivered-To: freebsd-current@freebsd.org
Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209])
	by hub.freebsd.org (Postfix) with SMTP id 78AC937B424
	for <freebsd-current@FreeBSD.ORG>; Fri, 22 Sep 2000 18:41:24 -0700 (PDT)
Received: (qmail 12501 invoked by uid 1000); 23 Sep 2000 01:41:23 -0000
Date: Sat, 23 Sep 2000 03:41:23 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Vivek Khera <khera@kciLink.com>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: call for testers: init securelevel patch
Message-ID: <20000923034123.C6957@rohrbach.de>
Reply-To: karsten@rohrbach.de
References: <20000907152923.A57609@murkwood.znh.org> <Pine.BSF.4.21.0009080855361.30227-100000@besplex.bde.org> <14776.61431.463710.288320@onceler.kciLink.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <14776.61431.463710.288320@onceler.kciLink.com>; from khera@kciLink.com on Fri, Sep 08, 2000 at 09:56:07AM -0400
X-Arbitrary-Number-Of-The-Day: 42
X-Sender: karsten@rohrbach.de
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Vivek Khera(khera@kciLink.com)@Fri, Sep 08, 2000 at 09:56:07AM -0400:
[...]
> That last sentence makes me think that the person who decided this
> does not use a network to update that machine, ie NFS mounting
> /usr/src.  It is a royal PITA to get networking up and going after a
> single-user reboot to get out of secure level.
[...]

read my lips: con sole ser ver
;-) on a dedicated internal administration network is this the stuff
that saves you time.

ah, ... and, yes, we use a network also to update the machines ;> but
not with nfs mounting /usr/src. best choice is you write a little
setup-automagic script for single user mode and place it under /root

decrementing securelevel is evil.
doing things in userland which can turn off security features is evil.
securelevel is your friend.

/k

-- 
> Booze is the answer. I don't remember the question.
KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message