Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 4 Sep 2000 09:00:03 -0700 (PDT)
From:      "Aleksandr A.Babaylov" <babolo@links.ru>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/20974: securelevel not reset when going to single user mode
Message-ID:  <200009041600.JAA20152@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR bin/20974; it has been noted by GNATS.

From: "Aleksandr A.Babaylov" <babolo@links.ru>
To: sheldonh@uunet.co.za
Cc: freebsd-bugs@freebsd.org
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Date: Mon, 4 Sep 2000 19:49:22 +0400 (MSD)

 Sheldon Hearn writes:
 > The following reply was made to PR bin/20974; it has been noted by GNATS.
 > 
 > From: Sheldon Hearn <sheldonh@uunet.co.za>
 > To: Vivek Khera <khera@kcilink.com>
 > Cc: freebsd-gnats-submit@freebsd.org
 > Subject: Re: bin/20974: securelevel not reset when going to single user mode 
 > Date: Mon, 04 Sep 2000 13:39:46 +0200
 > 
 >  On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote:
 >  
 >  >  It sure is hard to do system maintenance unless the secure level drops
 >  >  back to 0 in single user mode.  BSD/OS does this, and it makes sense
 >  >  to do so, I think.
 >  
 >  The CVS logs for init.c revealed something interesting:
 >  
 >  | revision 1.36
 >  | date: 1999/09/06 08:41:32;  author: kato;  state: Exp;  lines: +1 -7
 >  | FreeBSD kernel doesn't allow any process to decrease securelevel. So,
 >  | init(8) cannot decrease securelevel.  The manual page explains this
 >  | and single_user() doesn't try to downgrade kernel to insecure mode.
 >  | 
 >  | Reviewed by:	bde (manual page)
 >  
 >  As I said before, I don't think that the manual page describes the
 >  reality of the sitation.
 >  
 >  So now the issue is whether we want to allow the same behaviour as
 >  BSD/OS exhibits, and if so, how to teach the kernel to allow the
 >  dropping of the securelevel.
 
 I propose change via options in config file,
 because current state is very useful
 
 >  Ciao,
 >  Sheldon.
 
 -- 
 @BABOLO      http://links.ru/
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009041600.JAA20152>