Date: Fri, 8 Sep 2000 17:24:52 +0200 (CEST) From: Paul Herman <pherman@frenchfries.net> To: Vivek Khera <khera@kciLink.com> Cc: freebsd-current@FreeBSD.ORG Subject: Re: call for testers: init securelevel patch Message-ID: <Pine.BSF.4.21.0009081717590.315-100000@bagabeedaboo.security.at12.de> In-Reply-To: <14776.61431.463710.288320@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 8 Sep 2000, Vivek Khera wrote: > >>>>> "BE" == Bruce Evans <bde@zeta.org.au> writes: > > BE> revision 1.9 > BE> date: 1997/06/25 07:31:47; author: joerg; state: Exp; lines: +2 -2 > BE> Don't ever allow lowering the securelevel at all. Allowing it does > BE> nothing good except of opening a can of (potential or real) security > BE> holes. People maintaining a machine with higher security requirements > BE> need to be on the console anyway, so there's no point in not forcing > BE> them to reboot before starting maintenance. > > Perhaps one of the secure level restrictions should be that you cannot > attach to pid 1 via the debugger. You can't. Ever since Apr 1997 you couldn't attach gdb to init. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009081717590.315-100000>