Date: Mon, 5 May 1997 17:37:12 +0900 (JST) From: Kenji Rikitake <kenji@reseau.toyonaka.osaka.jp> To: freebsd-security@FreeBSD.org Subject: questions on 2.2.1-RELEASE default value for kern.securelevel Message-ID: <19970505083712.5998.qmail@reseau.toyonaka.osaka.jp>
next in thread | raw e-mail | index | archive | help
Today I found that kern.securelevel of my 2.2.1-RELEASE-running machine was -1. I decided to set it to 0 in /etc/rc so that it would be secured to level 1 in the multi-user mode. This was successful but when I tried to boot up XF86 server it failed because of the operation failure of KDENABIO. So I checked out some kernel code and found that in /sys/i386/isa/syscons.c the KDENABIO operation is prohibited when kern.securelevel > 0. Here's my questions: 1. Why the initial value of kern.securelevel is set to -1? 2. Why the KDENABIO operation is prohibited when kern.securelevel > 0? Obviously patching out the kern.securelevel check in KDENABIO code will run the XF86 server, but doing this may create a new vulnerability. I would appreciate if a FreeBSD guru can answer me about this. FYI my BSD/OS 2.0.1 runs Xaccel happily in kern.securelevel = 1. Why not on the FreeBSD? Regards, // Kenji Rikitake <kenji@reseau.toyonaka.osaka.jp> <kenji@rcac.tdi.co.jp> // An equal opportunistic encryptor. WWW: http://www.nn.iij4u.or.jp/~kenji/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970505083712.5998.qmail>