Date: Mon, 4 Sep 2000 09:00:03 -0700 (PDT) From: "Aleksandr A.Babaylov" <babolo@links.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Message-ID: <200009041600.JAA20152@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/20974; it has been noted by GNATS. From: "Aleksandr A.Babaylov" <babolo@links.ru> To: sheldonh@uunet.co.za Cc: freebsd-bugs@freebsd.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Date: Mon, 4 Sep 2000 19:49:22 +0400 (MSD) Sheldon Hearn writes: > The following reply was made to PR bin/20974; it has been noted by GNATS. > > From: Sheldon Hearn <sheldonh@uunet.co.za> > To: Vivek Khera <khera@kcilink.com> > Cc: freebsd-gnats-submit@freebsd.org > Subject: Re: bin/20974: securelevel not reset when going to single user mode > Date: Mon, 04 Sep 2000 13:39:46 +0200 > > On Sun, 03 Sep 2000 08:30:06 MST, Vivek Khera wrote: > > > It sure is hard to do system maintenance unless the secure level drops > > back to 0 in single user mode. BSD/OS does this, and it makes sense > > to do so, I think. > > The CVS logs for init.c revealed something interesting: > > | revision 1.36 > | date: 1999/09/06 08:41:32; author: kato; state: Exp; lines: +1 -7 > | FreeBSD kernel doesn't allow any process to decrease securelevel. So, > | init(8) cannot decrease securelevel. The manual page explains this > | and single_user() doesn't try to downgrade kernel to insecure mode. > | > | Reviewed by: bde (manual page) > > As I said before, I don't think that the manual page describes the > reality of the sitation. > > So now the issue is whether we want to allow the same behaviour as > BSD/OS exhibits, and if so, how to teach the kernel to allow the > dropping of the securelevel. I propose change via options in config file, because current state is very useful > Ciao, > Sheldon. -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009041600.JAA20152>