From owner-freebsd-security Tue Jan 9 2:55:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from guardian.hermes.si (guardian.hermes.si [193.77.5.150]) by hub.freebsd.org (Postfix) with ESMTP id 0F65337B400 for ; Tue, 9 Jan 2001 02:55:10 -0800 (PST) Received: from hermes.si (primus.hermes.si [193.77.5.98]) by guardian.hermes.si (8.9.3/8.9.3) with ESMTP id LAA29862; Tue, 9 Jan 2001 11:53:10 +0100 (MET) Received: (from uucp@localhost) by hermes.si (8.9.3/8.9.3) id LAA27198; Tue, 9 Jan 2001 11:53:09 +0100 Received: from hal9000.hermes.si(10.17.5.136) by primus.hermes.si via smap (V2.1) id xma019216; Tue, 9 Jan 01 11:52:01 +0100 Received: by hal9000.hermes.si with Internet Mail Service (5.5.2650.21) id ; Tue, 9 Jan 2001 11:52:00 +0100 Message-ID: From: Matjaz Martincic To: "'Rasputin'" , freebsd-security@FreeBSD.ORG Subject: RE: Running X in securelevels > 0 ? Date: Tue, 9 Jan 2001 11:51:59 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Had the same problem. I somehow managed to bypass it by creating the shell script that first run the Xserver and then change the securelevel with sysctl. And it worked. But the problem is that the securelevel is not changed at boot time :(, so you have to run X to set it first. rgds, Matjaz ______________________________________ OmniBack Quality Assurance Team Matjaz Martincic HERMES SoftLab Storage & Data Management Litijska 51 tel: +386 61 1865 338 Ljubljana SI-1000 fax: +386 61 1865 270 Slovenia E-mail: matjaz.martincic@hermes.si ______________________________________ -----Original Message----- From: Rasputin [mailto:rasputin@FreeBSD-uk.eu.org] Sent: Tuesday, January 09, 2001 10:47 AM To: freebsd-security@FreeBSD.ORG Subject: Running X in securelevels > 0 ? Morning all and Happy New Year. Has anyone managed to get X working in securelevel 1? I get errors when it tries to open /dev/io, which isn't that surprising (from man init): " 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted filesystems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded." But I was talking to an OpenBSD user over the weekend who said that 2.7 somehow manages to reserve access to certsain devices by running some kind of wrapper before the securelevel is used (although that may be bull). Has anybody managed this, or have any references for the OpenBSD way of doing it? Thanks. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message