On Thu, 7 Sep 2000, Zach N. Heilig wrote:

> On Thu, Sep 07, 2000 at 06:33:20PM +0200, Paul Herman wrote:
> 
> > Here is a patch which will allow init(8) (or rather, any process with
> > PID 1) to lower the securelevel to 0 when going into single-user
> > maintenance mode.  This has no effect if securelevel is -1.
> 
> This was the behavior a while back.  It was removed on purpose.  (because
> an attacker could attach to PID 1 with a debugger and cause it to lower
> secure level without going to single user mode.)

You can't trace PID 1 when securelevel > 0.
   /src/sys/kern/subr_process.c

So I think it's still safe...

-Paul.


