From owner-freebsd-bugs Wed Nov 26 15:20:55 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA28839 for bugs-outgoing; Wed, 26 Nov 1997 15:20:55 -0800 (PST) (envelope-from owner-freebsd-bugs) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA28815 for ; Wed, 26 Nov 1997 15:20:48 -0800 (PST) (envelope-from j@uriah.heep.sax.de) Received: (from uucp@localhost) by sax.sax.de (8.8.8/8.8.8) with UUCP id AAA01272; Thu, 27 Nov 1997 00:20:43 +0100 (CET) (envelope-from j@uriah.heep.sax.de) Received: (from j@localhost) by uriah.heep.sax.de (8.8.8/8.8.5) id AAA00999; Thu, 27 Nov 1997 00:18:54 +0100 (MET) Message-ID: <19971127001854.20974@uriah.heep.sax.de> Date: Thu, 27 Nov 1997 00:18:54 +0100 From: J Wunsch To: "Jin Guojun[ITG]" Cc: bugs@FreeBSD.ORG Subject: Re: kern.securelevel auto from 0 to 1 ?bug/feature? Reply-To: Joerg Wunsch References: <199711261816.KAA08150@george.lbl.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 In-Reply-To: <199711261816.KAA08150@george.lbl.gov>; from Jin Guojun[ITG] on Wed, Nov 26, 1997 at 10:16:28AM -0800 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk As Jin Guojun[ITG] wrote: > So, I wonder if something can be fixed in FreeBSD kernel to prevent this > automatically securelevel jumping? Well, if you want `insecure' mode, leave it as -1, and it won't bump itself. That's why it's called ``Permanently insecure'' then. Unlike the other BSD's, we decided to also plug some of the more common holes in the device drivers if you ever go to more than `0'. Due to the way X11 is currently implemented (which is unlikelyl to change within the near future), this precludes an Xserver from working in any of the higher securelevels. OTOH, if you operate a server machine, the Xserver is probably not your biggest desire, but you might value the securelevel features... -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)