Date: Tue, 16 Jun 1998 08:32:33 +0200 (CEST) From: Frode Nordahl <froden@bigblue.no> To: Jamie Lawrence <jal@ThirdAge.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Setting securelevel in kernel? Message-ID: <Pine.BSF.3.96.980616082959.12229A-100000@login.bigblue.no> In-Reply-To: <3.0.5.32.19980615143549.03781100@204.74.82.151>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 15 Jun 1998, Jamie Lawrence wrote: > Security isn't convenient. In any case... > > I must be missing something - you want to set a compile time kernel flag > that can be modified by bringing the machine down to single user? > > What's the point? > > I'm no kernel hacker, but I think there are some obvious, > insurmountable problems with modifying the runlevel from userland, > even in single user. Well, that's the way it's allways has worked on unix, and if you do bring the system down in singleusermode, init is supposed to be able to lower the securelevel (See init man page), but it doesn't work. So there is a bug somewhere... But I can't see how bringing the system in singleusermode can be exploitable. Init does kill everything before lowering the securelevel, and the system is accessible from console only. If you have set the console to insecure mode it even asks for root's password. --------------------------------- Frode Nordahl <froden@bigblue.no> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980616082959.12229A-100000>