Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Jan 2001 21:30:22 -0500 (EST)
From:      Evan S <kaworu@sektor7.ath.cx>
To:        Erick Mechler <emechler@techometer.net>
Cc:        Peter Brezny <peter@sysadmin-inc.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: changing kernsecurelevel
Message-ID:  <Pine.GSO.4.10.10101052129290.4678-100000@wintermute.sekt7>
In-Reply-To: <20010105182040.A62789@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
I know this may seem crazy. But, I _want_ to be able to lower the secure
level. What part of the soruce would I need to edit in order to fix this?

I have some special circumstances.. I run a public root-access machine.

Thanks,

Evan Sarmiento (kaworu@sektor7.ath.cx)
http://sekt7.org/es

On Fri, 5 Jan 2001, Erick Mechler wrote:

> You can't change the securelevel to anything lower without rebooting
> the machine, but you can raise it.  If you could lower it using some
> userland command, it won't really be that secure, no?
> 
> >From the securelevel manpage:
> 
>      The kernel runs with four different levels of security.  Any super-user
>      process can raise the security level, but no process can lower it.
> 
> The securelevel definitions are also on the same manpage.
> 
> Regards,
> Erick
> 
> At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
> :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
> :: the machine.
> :: 
> :: I've run into problems installing new kernels with a kernelsecure level of
> :: 2, but so far, the only way I've figured out to change the kernel secure
> :: level is to modify rc.conf, changing the secure level and rebooting the
> :: machine.
> :: 
> :: How do i accomplish this without a reboot, or, if i am going at it all
> :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
> :: 
> :: TIA
> :: 
> :: Peter Brezny
> :: SysAdmin Services Inc.
> :: 
> :: 
> :: 
> :: To Unsubscribe: send mail to majordomo@FreeBSD.org
> :: with "unsubscribe freebsd-security" in the body of the message
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.10.10101052129290.4678-100000>