Date: Mon, 1 Dec 1997 12:05:18 -0800 From: "Jin Guojun [ITG staff]" <jin@george.lbl.gov> To: joerg_wunsch@uriah.heep.sax.de Cc: bugs@FreeBSD.ORG Subject: Re: kern.securelevel auto from 0 to 1 ?bug/feature? Message-ID: <199712012005.MAA07847@george.lbl.gov>
next in thread | raw e-mail | index | archive | help
}> So, I wonder if something can be fixed in FreeBSD kernel to prevent this }> automatically securelevel jumping? } }Well, if you want `insecure' mode, leave it as -1, and it won't bump }itself. That's why it's called ``Permanently insecure'' then. } }Unlike the other BSD's, we decided to also plug some of the more }common holes in the device drivers if you ever go to more than `0'. }Due to the way X11 is currently implemented (which is unlikelyl to }change within the near future), this precludes an Xserver from working }in any of the higher securelevels. OTOH, if you operate a server }machine, the Xserver is probably not your biggest desire, but you }might value the securelevel features... } }-- }cheers, J"org I am not sure what is your point. The secure level should do nothing with Xserver AT ALL. The secure level is aimed to network ONLY. I could not imagine if one is sitting at front of a server with the console, the secure level is meaningful to this one. This person can pick a hammer to break the entire machine; short the circiut; take out the disk drive(s), and do whatever this one wants. The only prevention for this problem is the key/lock/secure guard, not software. My question is "why cannot the system let secure level stay at level 0 during the boot processing?" It can certainly be set to 0 after boot. Would someone be happy to address this issue? Thanks, -Jin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712012005.MAA07847>