*BSD News Article 99496


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.ci.com.au!brian.telstra.net!news.telstra.net!nsw.news.telstra.net!news.syd.connect.com.au!news.mel.connect.com.au!news.mel.aone.net.au!news-out.internetmci.com!infeed2.internetmci.com!newsfeed.internetmci.com!ais.net!vixen.cso.uiuc.edu!newsrelay.iastate.edu!news.iastate.edu!idea.exnet.iastate.edu!flipk
From: flipk@idea.exnet.iastate.edu (Phillip F Knaack)
Newsgroups: comp.unix.bsd.openbsd.misc
Subject: Re: securelevel bogosity
Date: 12 Jul 1997 00:13:51 GMT
Organization: Iowa State University, Ames, Iowa, USA
Lines: 26
Message-ID: <5q6i7v$a83$1@news.iastate.edu>
References: <5q6acj$rl5$3@newbabylon.rs.itd.umich.edu>
NNTP-Posting-Host: idea.exnet.iastate.edu
X-Newsreader: NN version 6.5.1.1 (NOV)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.openbsd.misc:179

dugsong@umich.edu (Dug Song) writes:

>so i built a kernel with option INSECURE and specified securelevel=0
>in /etc/rc.securelevel, and yet init still ends up setting
>kern.securelevel to 1 (i'm not sure where or how, as it's not in
>/etc/rc). i'm baffled.

>what am i overlooking?

	It has been a while since I've played with securelevel stuff, but
here's how I think it goes: anytime kern.securelevel is -1 (negative 1),
then nothing automatic will raise it.  This is also what option INSECURE
does, to cause kern.securelevel to be -1 at boot.

	When you set it to 0 in rc.securelevel, you are bypassing INSECURE,
and so it gets bumped to 1 at multiuser anyway.  You need to leave
kern.securelevel alone in rc.securelevel for it to stay at -1, i.e., 
comment out the sysctl command.

Cheers,
Phil
--
   Interoperation with matter-transporters using polar coordinate
   systems is discouraged, due to round-off and other algorithmic errors
   in certain ubiquitous floating-point implementations, leading to
   results which are best discreetly described as "disappointing." --RFC 1437