Date: Tue, 07 Sep 1999 14:00:16 +0900
From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
To: dillon@apollo.backplane.com
Cc: gjb-freebsd@gba.oz.au, des@flood.ping.uio.no, kato@ganko.eps.nagoya-u.ac.jp, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel
Message-ID: <19990907140016E.kato@gneiss.eps.nagoya-u.ac.jp>
In-Reply-To: Your message of "Mon, 6 Sep 1999 21:20:55 -0700 (PDT)" <199909070420.VAA77483@apollo.backplane.com>
References: <199909070420.VAA77483@apollo.backplane.com>

Matthew Dillon <dillon@apollo.backplane.com> wrote:

>     I disagree quite strongly.  DDB provides a mechanism to allow a
>     sysadmin to obtain a greater amount of information from a panic
>     situation than he could get otherwise.  Being able to obtain this
>     information does not run counter to running with a raised securelevel.
>
>     If the system winds up in a state where a kernel core cannot be
>     generated, DDB is the only way to figure out what is going on.
>     securelevel is a mechanism which attempts to guarantee data security,
>     at least to a degree.  These two items do not clash.

If console works and crackers can use it, protecting securelevel from
DDB does not provide enough security.  Though securelevel cannot be
changed,

  (1) Turn off power.
  (2) Boot as single-user mode.
  (3) Do what crackers want.

or

  (1) Turn off power.
  (2) Remove HDD.
  (3) Mount on another FreeBSD box.
  (4) Edit a file in the HDD.
  (5) Return HDD.
  (6) Reboot.

is available.

-----------------------------------------------+--------------------------+
KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>  |        FreeBSD           |
Dept. Earth Planet. Sci, Nagoya Univ.          |    The power to serve!   |
Nagoya, 464-8602, Japan                        |  http://www.FreeBSD.org/ |
++++ FreeBSD(98) 3.2:    Rev. 01 available!    |http://www.jp.FreeBSD.org/|
++++ FreeBSD(98) 2.2.8:  Rev. 02 available!    +==========================+