Date: Wed, 9 May 2001 06:53:24 -0300 (BRT) From: Giovanni Picoli Tirloni <tirloni@din.uem.br> To: Steve Peck <steve.peck@uk.easynet.net> Cc: <security@FreeBSD.ORG> Subject: Re: kernel security level Message-ID: <20010509064729.P517-100000@mink.ath.cx> In-Reply-To: <20010509200921.A65710@pavilion.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 May 2001, Steve Peck wrote: > Hi, > > I've installed the FreeBSD 4.3 > > And I got this strange problem where the kern.sercurelevel was set to 1. > > I had a version of 4.2 which just defaults to -1. > > Is this something new? > > Although it seems like a good idea, I had much trouble finding out why > I couldn't run X windows. Soon as I found a reference to this /dev/mem > suddenly was permitted and X started up - but only as root :-(. > > I have since found that I can run X (as root) on kern.securelevel = 0 > But if I set it to this via /etc/sysctl.conf it just gets upgraded to > level 1! So, I now have it set to level -1 in /etc/sysctl.conf. > > If I did want to run at level 0 then I would have to upgrade it manually > By loggin in as root and doing > # sysctl - w kern.securelevel=0 > every reboot :-( > > Now, have I done something stangely bad during my install. > > I just ftp'd it from the ftp.uk.FreeBSD.org site. > > If I try to startx as a user then I now get > > Fatal server error: > xf86OpeConsole:Server must be suid root > > Hmmmm, anyone got any ideas? Check your /etc/rc.conf, there must be these lines there: kern_securelevel_enable="YES" kern_securelevel="1" You don't need to change kern.securelevel yourself, the /etc/rc script does it for you at boot time already. So take those lines out of your sysctl.conf and just set the proper secure level in /etc/rc.conf or disable it at all. You must have chosen the medium security profile (or whatever sets the secure level to 1) while installing FreeBSD. G'luck -- Giovanni Picoli Tirloni tirloni@din.uem.br To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010509064729.P517-100000>