Unable to open /dev/io
admin at asarian-host.net
Sat Jul 26 16:36:43 PDT 2003
----- Original Message -----
From: "Jerry McAllister" <jerrymc at clunix.cl.msu.edu>
To: "Mark" <admin at asarian-host.net>
Cc: <freebsd-questions at freebsd.org>
Sent: Sunday, July 27, 2003 1:20 AM
Subject: Re: Unable to open /dev/io
> > Earlier, I had asked a question on how to write a byte to the parallel
> > port. And Daan Vreeken was kind enough to point me to a litle c-source
> > that uses /dev/io.
> > Unfortunately, as I just found out, when I raise kern.securelevel to 2
> > (FreeBSD 4.7R), I can no longer open /dev/io for writing. :( That means
> > I can no longer use this method; because there is no way I will allow my
> > production server to run at kern.securelevel lower than 2. Which means I
> > am back to square one. :(
> > Sigh. Is there then no way to write a simple 0 or 1 to the parallel
> > port, without compromizing the security of the server at large?
> Do you really need to set the secure level to 2?
Yes. :) Because, as the man-pages say, "This level precludes tampering with
filesystems by unmounting them." Besides, even on securelevel 1 you can no
longer open /dev/io for writing. So, that would mean I'd have to drop all
the way to securelevel 0; and that is a steep fall.
> What for?
I may not run the Pentagon, but I maintain certain security standards. :)
One of them is, that I do not lower the entire server to "Insecure mode"
just so I can side-step a certain problem. If I start taking short-cuts like
that, I might as well quit tomorrow.
More information about the freebsd-questions