From owner-freebsd-security  Mon Sep  6 22: 6: 9 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eclogite.eps.nagoya-u.ac.jp (eclogite.eps.nagoya-u.ac.jp [133.6.124.145])
	by hub.freebsd.org (Postfix) with ESMTP
	id E31A815A55; Mon,  6 Sep 1999 22:05:39 -0700 (PDT)
	(envelope-from kato@ganko.eps.nagoya-u.ac.jp)
Received: from localhost (gneiss.eps.nagoya-u.ac.jp [133.6.124.148])
	by eclogite.eps.nagoya-u.ac.jp (8.9.3/3.7W) with ESMTP id OAA03353;
	Tue, 7 Sep 1999 14:00:46 +0900 (JST)
To: dillon@apollo.backplane.com
Cc: gjb-freebsd@gba.oz.au, des@flood.ping.uio.no,
	kato@ganko.eps.nagoya-u.ac.jp, bde@zeta.org.au,
	freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel 
From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>
In-Reply-To: Your message of "Mon, 6 Sep 1999 21:20:55 -0700 (PDT)"
	<199909070420.VAA77483@apollo.backplane.com>
References: <199909070420.VAA77483@apollo.backplane.com>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
X-PGP-Fingerprint: 03 72 85 36 62 46 23 03  52 B1 10 22 44 10 0D 9E
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19990907140016E.kato@gneiss.eps.nagoya-u.ac.jp>
Date: Tue, 07 Sep 1999 14:00:16 +0900
X-Dispatcher: imput version 980905(IM100)
Lines: 37
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew Dillon <dillon@apollo.backplane.com> wrote:

>    I disagree quite strongly.  DDB provides a mechanism to allow a
>    sysadmin to obtain a greater amount of information from a panic
>    situation then he could get otherwise.  Being able to obtain this
>    information does not run counter to running with a raised securelevel.
> 
>    If the system winds up in a state where a kernel core cannot be
>    generated, DDB is the only way to figure out what is going on.  
>    securelevel is a mechanism which attempts to guarentee data security,
>    at least to a degree.  These two items do not clash.

If console works and crackers can use it, protecting securelevel from
DDB does not provide enough security.  Though securelevel cannot be
changed,

	(1) Turn off power.
	(2) Boot as single-user mode.
	(3) Do what crackers want.

or

	(1) Turn off power.
	(2) Remove HDD.
	(3) Mount on another FreeBSD box.
	(4) Edit a file in the HDD.
	(5) Return HDD.
	(6) Reboot.

is available.

-----------------------------------------------+--------------------------+
KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>  |        FreeBSD           |
Dept. Earth Planet. Sci, Nagoya Univ.          |    The power to serve!   |
Nagoya, 464-8602, Japan                        |  http://www.FreeBSD.org/ |
++++ FreeBSD(98) 3.2:   Rev. 01 available!     |http://www.jp.FreeBSD.org/|
++++ FreeBSD(98) 2.2.8: Rev. 02 available!     +==========================+


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message