Date:      Mon, 5 May 1997 17:37:12 +0900 (JST)
From:      Kenji Rikitake <kenji@reseau.toyonaka.osaka.jp>
To:        freebsd-security@FreeBSD.org
Subject:   questions on 2.2.1-RELEASE default value for kern.securelevel
Message-ID:  <19970505083712.5998.qmail@reseau.toyonaka.osaka.jp>

Today I found that kern.securelevel of my 2.2.1-RELEASE-running machine
was -1. I decided to set it to 0 in /etc/rc so that it would be secured to
level 1 in multi-user mode. This was successful, but when I tried to
boot up the XF86 server it failed because of the operation failure of
KDENABIO. So I checked out some kernel code and found that in
/sys/i386/isa/syscons.c the KDENABIO operation is prohibited when
kern.securelevel > 0.

Here are my questions:

1. Why is the initial value of kern.securelevel set to -1?
2. Why is the KDENABIO operation prohibited when kern.securelevel > 0?

Obviously, patching out the kern.securelevel check in the KDENABIO code will
run the XF86 server, but doing this may create a new vulnerability. I
would appreciate it if a FreeBSD guru could answer me about this.

FYI, my BSD/OS 2.0.1 runs Xaccel happily in kern.securelevel = 1.
Why not on FreeBSD?

Regards,

// Kenji Rikitake <kenji@reseau.toyonaka.osaka.jp> <kenji@rcac.tdi.co.jp>
// An equal opportunistic encryptor. WWW: http://www.nn.iij4u.or.jp/~kenji/



