Date: Mon, 18 Oct 1999 04:30:39 -0400 From: Justin Wells <jread@semiotek.com> To: Dag-Erling Smorgrav <des@flood.ping.uio.no> Cc: Justin Wells <jread@semiotek.com>, Doug <Doug@gorean.org>, Antoine Beaupre <beaupran@IRO.UMontreal.CA>, Mike Nowlin <mike@argos.org>, "Rashid N. Achilov" <shelton@sentry.granch.ru>, freebsd-security@FreeBSD.ORG Subject: Re: kern.securelevel and X Message-ID: <19991018043039.B1711@semiotek.com> In-Reply-To: <xzpyad12jd7.fsf@flood.ping.uio.no> References: <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com> <xzpyad12jd7.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 18, 1999 at 09:55:32AM +0200, Dag-Erling Smorgrav wrote: > Justin Wells <jread@semiotek.com> writes: > > 1) securelevel does not stop root from remounting / read-write, > > since mount is specifically excepted (I tried it too, I was > > able to do a "mount -u -o rw /" at securelevel 3 as root) > > Well, then, fix mount(8) so it won't run at high securelevels. You > know where to find the source code. It's mount(2) that has to be fixed. I suppose I could go and look at it, but I'm not confident that I understand all the different implications of the securelevel stuff at that level. Justin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991018043039.B1711>