From owner-freebsd-security  Mon Jun 10 08:41:32 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA18341
          for security-outgoing; Mon, 10 Jun 1996 08:41:32 -0700 (PDT)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA18281
          for <freebsd-security@freebsd.org>; Mon, 10 Jun 1996 08:41:17 -0700 (PDT)
Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM)
	id AA13821; Mon, 10 Jun 1996 11:40:26 -0400
Date: Mon, 10 Jun 1996 11:40:26 -0400
From: Garrett Wollman <wollman@lcs.mit.edu>
Message-Id: <9606101540.AA13821@halloran-eldar.lcs.mit.edu>
To: Brian Tao <taob@io.org>
Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Effects of kern.securelevel >= 0
In-Reply-To: <Pine.NEB.3.92.960609193710.8414F-100000@zap.io.org>
References: <9606092044.AA08601@halloran-eldar.lcs.mit.edu>
	<Pine.NEB.3.92.960609193710.8414F-100000@zap.io.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

<<On Sun, 9 Jun 1996 19:44:16 -0400 (EDT), Brian Tao <taob@io.org> said:

>> No.  It is automatically increased by init if it starts out as >=0.

>     You mean "<= 0"?  I haven't fiddled with the default startup value
> here, and a 'sysctl kern.securelevel' in multiuser mode shows it is
> still at level -1.

No, I mean >=0.  If it is less than zero, then init doesn't touch it.
If it is any other value x >= 0 at the end of /etc/rc, then init will
raise it to x+1, and lower it back to 0 when re-entering single-user
mode (as via `shutdown' without `-r' or `-h').

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence.  We like people
MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant