From owner-freebsd-security Wed May 9 12:14:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from amersham.mail.uk.easynet.net (amersham.mail.uk.easynet.net [195.40.1.45]) by hub.freebsd.org (Postfix) with ESMTP id CC8F537B423 for ; Wed, 9 May 2001 12:14:09 -0700 (PDT) (envelope-from steve@pavilion.net) Received: from mushroom.systems.pavilion.net (mushroom.systems.pavilion.net [212.74.1.186]) by amersham.mail.uk.easynet.net (Postfix) with ESMTP id 9FB731767A for ; Wed, 9 May 2001 20:14:02 +0100 (BST) Received: by mushroom.systems.pavilion.net (Postfix, from userid 1002) id F3C6913151; Wed, 9 May 2001 20:09:21 +0100 (BST) Date: Wed, 9 May 2001 20:09:21 +0100 From: Steve Peck To: security@FreeBSD.ORG Subject: kernel security level Message-ID: <20010509200921.A65710@pavilion.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I've installed the FreeBSD 4.3 And I got this strange problem where the kern.sercurelevel was set to 1. I had a version of 4.2 which just defaults to -1. Is this something new? Although it seems like a good idea, I had much trouble finding out why I couldn't run X windows. Soon as I found a reference to this /dev/mem suddenly was permitted and X started up - but only as root :-(. I have since found that I can run X (as root) on kern.securelevel = 0 But if I set it to this via /etc/sysctl.conf it just gets upgraded to level 1! So, I now have it set to level -1 in /etc/sysctl.conf. If I did want to run at level 0 then I would have to upgrade it manually By loggin in as root and doing # sysctl - w kern.securelevel=0 every reboot :-( Now, have I done something stangely bad during my install. I just ftp'd it from the ftp.uk.FreeBSD.org site. If I try to startx as a user then I now get Fatal server error: xf86OpeConsole:Server must be suid root Hmmmm, anyone got any ideas? Cheers Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message