Date: Mon, 28 Jul 1997 20:09:40 -0400 (EDT) From: Brian Buchanan <brian@thought.res.cmu.edu> To: Vincent Poy <vince@mail.MCESTATE.COM> Cc: freebsd-security@freebsd.org Subject: securelevel (was: Re: security hole in FreeBSD) Message-ID: <Pine.BSF.3.96.970728200236.26892C-100000@thought.res.cmu.edu> In-Reply-To: <Pine.BSF.3.95.970728162901.3844D-100000@mail.MCESTATE.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Vincent Poy wrote: > =)I was under the impression that doing a 'make world' in multiuser mode > =)wasn't optimal. > > I know but when all the admins are remote, it has to be done > multiuser. Is there a way to push the secure level up to 2 and then push > it down when a make world is needed? Uh, that would defeat the purpose of securelevel. It's not supposed to be possible to ever lower it, except when dropping into single-user mode, and even allowing init to do so in that instance is risky IMHO - a few months ago I reported a hole, which I believe was fixed, that made it possible to lower the securelevel by attaching a debugger to init. Even though that's plugged now, it's still possible that there's another way to fool the kernel into thinking that process 1 is requesting that securelevel be lowered.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970728200236.26892C-100000>