Date: Mon, 06 Sep 1999 14:23:42 +0900 From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> To: bde@zeta.org.au Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel Message-ID: <19990906142342F.kato@gneiss.eps.nagoya-u.ac.jp> In-Reply-To: Your message of "Mon, 6 Sep 1999 15:13:48 %2B1000" <199909060513.PAA12402@godzilla.zeta.org.au> References: <199909060513.PAA12402@godzilla.zeta.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce Evans <bde@zeta.org.au> wrote: > There used to be security holes that allowed root to lower `securelevel' > using init. Rev.1.9 defends against any undiscovered holes. How about following change? ---------- *** init.8.ORIG Mon Sep 6 14:20:46 1999 --- init.8 Mon Sep 6 14:23:01 1999 *************** *** 92,99 **** .Dq secure . .Pp The kernel runs with four different levels of security. ! Any super-user process can raise the security level, but only ! .Nm can lower it. The security levels are: .Bl -tag -width flag --- 92,98 ---- .Dq secure . .Pp The kernel runs with four different levels of security. ! Any super-user process can raise the security level, but no process can lower it. The security levels are: .Bl -tag -width flag ---------- -----------------------------------------------+--------------------------+ KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> | FreeBSD | Dept. Earth Planet. Sci, Nagoya Univ. | The power to serve! | Nagoya, 464-8602, Japan | http://www.FreeBSD.org/ | ++++ FreeBSD(98) 3.2: Rev. 01 available! |http://www.jp.FreeBSD.org/| ++++ FreeBSD(98) 2.2.8: Rev. 02 available! +==========================+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990906142342F.kato>