Date: Fri, 8 Sep 2000 00:54:38 +0200 (CEST)
From: Paul Herman
To: freebsd-hackers@FreeBSD.ORG
Subject: the ol' init securelevel thread

Hi,

[ Bcc'ed to -current ]

Perhaps it was a mistake :) but I took up someone else's cause and started a thread on -current which now probably belongs on -hackers.

So: What are the dangers of having init lower the securelevel to 0 when the system goes into single user?

Looking at the mailing list archive, this seems to be a re-occurring thread which always ended up open-ended with no real answer.

Already established:

 * you _can't_ ptrace(2) init when securelevel > 0
 * rev1.9 of kern_mib.c unfortunately states nothing concrete
 * both NetBSD and OpenBSD allow this behaviour
 * Easy, I'm not married to this idea :-) Just interested "academically"

So, what dangers are there?

-Paul.