Date: Mon, 4 Sep 2000 04:50:03 -0700 (PDT) From: Sheldon Hearn <sheldonh@uunet.co.za> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Message-ID: <200009041150.EAA18480@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/20974; it has been noted by GNATS. From: Sheldon Hearn <sheldonh@uunet.co.za> To: Vivek Khera <khera@kcilink.com> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Date: Mon, 04 Sep 2000 13:39:46 +0200 On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote: > It sure is hard to do system maintenance unless the secure level drops > back to 0 in single user mode. BSD/OS does this, and it makes sense > to do so, I think. The CVS logs for init.c revealed something interesting: | revision 1.36 | date: 1999/09/06 08:41:32; author: kato; state: Exp; lines: +1 -7 | FreeBSD kernel doesn't allow any process to decrease securelevel. So, | init(8) cannot decrease securelevel. The manual page explains this | and single_user() doesn't try to downgrade kernel to insecure mode. | | Reviewed by: bde (manual page) As I said before, I don't think that the manual page describes the reality of the sitation. So now the issue is whether we want to allow the same behaviour as BSD/OS exhibits, and if so, how to teach the kernel to allow the dropping of the securelevel. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009041150.EAA18480>