OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Pete Fritchman (petefdatabits.net)
Date: Fri Jan 05 2001 - 21:34:26 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    If you really want to temporarily lower it for an install, you could change
    your /etc/rc.conf value, reboot, install, change /etc/rc.conf back, reboot.

    If you modified your source to allow lowering of sercurelevel and then still
    used it, you'd be destroying any hint of what securelevel does for you.

    -pete

    ++ 05/01/01 21:30 -0500 - Evan S:
    >I know this may seem crazy. But, I _want_ to be able to lower the secure
    >level. What part of the soruce would I need to edit in order to fix this?
    >
    >I have some special circumstances.. I run a public root-access machine.
    >
    >Thanks,
    >
    >Evan Sarmiento (kaworusektor7.ath.cx)
    >http://sekt7.org/es
    >
    >On Fri, 5 Jan 2001, Erick Mechler wrote:
    >
    >> You can't change the securelevel to anything lower without rebooting
    >> the machine, but you can raise it. If you could lower it using some
    >> userland command, it won't really be that secure, no?
    >>
    >> >From the securelevel manpage:
    >>
    >> The kernel runs with four different levels of security. Any super-user
    >> process can raise the security level, but no process can lower it.
    >>
    >> The securelevel definitions are also on the same manpage.
    >>
    >> Regards,
    >> Erick
    >>
    >> At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
    >> :: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
    >> :: the machine.
    >> ::
    >> :: I've run into problems installing new kernels with a kernelsecure level of
    >> :: 2, but so far, the only way I've figured out to change the kernel secure
    >> :: level is to modify rc.conf, changing the secure level and rebooting the
    >> :: machine.
    >> ::
    >> :: How do i accomplish this without a reboot, or, if i am going at it all
    >> :: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
    >> ::
    >> :: TIA
    >> ::
    >> :: Peter Brezny
    >> :: SysAdmin Services Inc.
    >> ::
    >> ::
    >> ::
    >> :: To Unsubscribe: send mail to majordomoFreeBSD.org
    >> :: with "unsubscribe freebsd-security" in the body of the message
    >>
    >>
    >> To Unsubscribe: send mail to majordomoFreeBSD.org
    >> with "unsubscribe freebsd-security" in the body of the message
    >>
    >
    >
    >
    >To Unsubscribe: send mail to majordomoFreeBSD.org
    >with "unsubscribe freebsd-security" in the body of the message 

    --
Pete Fritchman <petefdatabits.net>
Databits Network Services, Inc. <http://databits.net>

    To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message