From owner-freebsd-security Sun Apr 19 13:07:38 1998
Message-ID: <19980419130711.01465@hydrogen.nike.efn.org>
Date: Sun, 19 Apr 1998 13:07:11 -0700
From: John-Mark Gurney
To: Cy Schubert - ITSD Open Systems Group
Cc: Robert Watson, Philippe Regnauld, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
References: <199804191941.MAA23123@cwsys.cwsent.com>
In-Reply-To: <199804191941.MAA23123@cwsys.cwsent.com>; from Cy Schubert - ITSD Open Systems Group on Sun, Apr 19, 1998 at 12:40:31PM -0700

Cy Schubert - ITSD Open Systems Group scribbled this message on Apr 19:
> The BSD kernel normally starts out at securelevel 0. Once init has
> initialized, e.g. run the rc scripts, the kernel automatically raises
> the securelevel to 1 if it hasn't been raised to a higher securelevel.
>
> Securelevel -1 is a special case. If securelevel -1 is hard coded into
> the kernel, as is done in FreeBSD, the kernel will not automatically
> raise the securelevel. In short, securelevel -1 tells the kernel to
> leave the system at a securelevel 0 state permanently.

you know, there is a security hole in the /etc/rc scripts... inetd is run
before the /etc/rc scripts are finished, which means that there is a
[significant] amount of time where inetd is started but the machine hasn't
raised the securelevel of the system... this can be compounded if you
have atalk on the system as it will take a while to start up making the
window all that much larger...

-- 
John-Mark Gurney                 Modem Rev/FAX: +1 541 346 9237
Cu Networking                    P.O. Box 5693, 97405
Live in Peace, destroy Micro$oft, support free software, run FreeBSD
Don't trust anyone you don't have the source for
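
The ordering issue raised in the reply above can be audited from the rc script itself. The following is an added example, not code from the thread or from FreeBSD: a heuristic sh function (`rc_window`, a hypothetical name) that lists the commands an rc script still runs after it launches inetd. The embedded rc fragment (`sample_rc`) is constructed for illustration and is not a real /etc/rc.

```shell
#!/bin/sh
# Added example. Per the thread, the securelevel is raised only after the
# rc scripts finish, so every command listed by rc_window runs while inetd
# is already accepting connections at securelevel 0.

# rc_window FILE [DAEMON]   (FILE may be "-" for stdin; DAEMON defaults to inetd)
# Prints "lineno: command" for each non-blank, non-comment line that follows
# the first line invoking DAEMON as a command (at line start or after ; & |,
# with an optional absolute path). Heuristic: it does not parse shell syntax.
rc_window() {
    awk -v d="${2:-inetd}" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        started        { print NR ": " $0; next }    # inside the window
        $0 ~ ("(^|[;&|])[ \t]*(/[^ \t;]*/)?" d "([ \t;&]|$)") { started = 1 }
    ' "$1"
}

# Constructed sample rc fragment (assumption: daemon names and order are
# illustrative only, including the slow AppleTalk startup the reply mentions).
sample_rc() {
    cat <<'EOF'
# constructed sample, not a real /etc/rc
echo -n 'starting standard daemons:'
echo -n ' inetd'; inetd
echo -n ' cron'; cron
# AppleTalk startup
atalkd
echo '.'
exit 0
EOF
}

# Show the window for the sample; on a real host run: rc_window /etc/rc
sample_rc | rc_window -
```

A long list here means a wide window; moving the inetd start to the end of the script, or setting the securelevel before network daemons start, shrinks it.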