Date: Tue, 7 Sep 1999 08:13:35 +0200 (MET DST) From: Nick Hibma <nick.hibma@jrc.it> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Greg Black <gjb-freebsd@gba.oz.au>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel Message-ID: <Pine.GS4.4.10.9909070811400.5634-100000@elect8> In-Reply-To: <199909070420.VAA77483@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I disagree quite strongly. DDB provides a mechanism to allow a > sysadmin to obtain a greater amount of information from a panic > situation then he could get otherwise. Being able to obtain this > information does not run counter to running with a raised securelevel. > > If the system winds up in a state where a kernel core cannot be > generated, DDB is the only way to figure out what is going on. > securelevel is a mechanism which attempts to guarentee data security, > at least to a degree. These two items do not clash. > Anyway, as soon as you can physically access the PC, youD loose anyway, independent of whether you can go into DDB to do things. You can reboot, boot a floppy. Yes you can do something about those things, but only to a limited extent. Nick -- ISIS/STA, T.P.270, Joint Research Centre, 21020 Ispra, Italy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GS4.4.10.9909070811400.5634-100000>