From owner-freebsd-security Sun Sep 9 12: 0:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id 212DA37B401 for ; Sun, 9 Sep 2001 12:00:34 -0700 (PDT) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.3/8.9.3) with ESMTP id f89Iw5X18637; Sun, 9 Sep 2001 15:58:05 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Sun, 9 Sep 2001 15:58:05 -0300 (ART) From: Fernando Gleiser To: Eric Thern Cc: Subject: Re: Kernel-loadable Root Kits < securelevel > In-Reply-To: <20010909.18312775@mis.configured.host> Message-ID: <20010909153307.V4633-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 9 Sep 2001, Eric Thern wrote: > > Is there any possibility of having console be able to lower the > securelevel without rebooting? In a situation with dedicated or > colocated servers where only one person has console access, it would sure > be a wonderful thing, although I'm fairly certain there is some security > loophole in that whole mess. If you have DDB enabled in your kernel, you can break to it and lower the securelevel from the debuger. Leave ddb, do whatever you have to do then raise your securelevel again. Fer > > > -Eric > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message