kernel secure level??

Alexander Mogilny sg at astral.ntu-kpi.kiev.ua
Mon Jul 10 13:24:46 UTC 2006


On 7/10/06, steve <steve at foo-unix.org> wrote:
> Hi all,
>
> I found this very interesting. In FreeBSD, can you just
> # sysctl kern.securelevel=-1
> at the command line and step down securelevel in FreeBSD without rebooting?
>

I have just read more documentation on sysctl values and found that
the kern.securelevel value is only available for increment. So it is
impossible to decrease it after setting it to 2. The only way to do
this is to change the FreeBSD sources; this is an evil hack but still
possible. :)
In my opinion, setting the securelevel value to 2 means that this machine
should be forgotten forever, untouchable, and perform some core
functionality. Such machines should be some kind of routers which are
never rebooted and always online. My point here is that you should
deeply analyze the structure of your network and create more
structured server functionality so that you perform ipfilter
configuration changes on some other machine with a normal security
level, or if this is improper for you, perform some local source
modifications and implement patches making these sysctl values
available for changing.

-- 
AIM-UANIC             +-----[ FreeBSD ]-----+
Alexander Mogilny     | The Power to Serve! |
<> sg at portaone.com    +---------------------+
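As an added example (not part of this thread, and not FreeBSD's own tooling), here is a small sh audit helper that encodes the rule discussed above: a running system can only move kern.securelevel upward, so a request for a lower value is reported as needing a reboot, and the helper also reads the level that rc.conf will apply at the next boot. The function names and the rc.conf fragment are my own constructed assumptions; the sysctl(8) output format and the rc.conf variable names (kern_securelevel_enable, kern_securelevel) are FreeBSD's.

```shell
#!/bin/sh
# Added example: audit helper for kern.securelevel (not from the thread).
# Rule modelled: a live system can only raise securelevel; lowering it
# requires a reboot, after which /etc/rc.conf sets the level again.

# Valid securelevel values on FreeBSD: -1 (permanently insecure) .. 3.
securelevel_valid() {
    case "$1" in
        -1|0|1|2|3) return 0 ;;
        *) return 1 ;;
    esac
}

# securelevel_change_allowed CURRENT REQUESTED
# Prints "raise", "noop", "lower-needs-reboot" or "invalid"; returns 0
# only when the requested change can be applied live with sysctl(8).
securelevel_change_allowed() {
    cur="$1"; req="$2"
    if ! securelevel_valid "$cur" || ! securelevel_valid "$req"; then
        echo invalid; return 1
    fi
    if [ "$req" -gt "$cur" ]; then echo raise; return 0; fi
    if [ "$req" -eq "$cur" ]; then echo noop; return 1; fi
    echo lower-needs-reboot; return 1
}

# parse_securelevel_line "kern.securelevel: 2"  -> prints 2
# Parses the "name: value" line that sysctl(8) prints without -n.
parse_securelevel_line() {
    printf '%s\n' "$1" |
        sed -n 's/^kern\.securelevel:[[:space:]]*\(-\{0,1\}[0-9]\)$/\1/p'
}

# rc_conf_securelevel FILE -> level rc.conf will apply at boot, or "unset"
# Honours kern_securelevel_enable (must be YES) and kern_securelevel.
rc_conf_securelevel() {
    file="$1"
    enable=$(sed -n 's/^kern_securelevel_enable="\{0,1\}\([A-Za-z]*\)"\{0,1\}.*/\1/p' "$file" | tail -n 1)
    level=$(sed -n 's/^kern_securelevel="\{0,1\}\(-\{0,1\}[0-9]\)"\{0,1\}.*/\1/p' "$file" | tail -n 1)
    case "$enable" in
        [Yy][Ee][Ss]) if [ -n "$level" ]; then echo "$level"; else echo unset; fi ;;
        *) echo unset ;;
    esac
}

# Self-contained demo on a constructed rc.conf fragment (not a real host's).
demo_rc_conf_check() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'kern_securelevel_enable="YES"' 'kern_securelevel="2"' > "$tmp"
    rc_conf_securelevel "$tmp"
    rm -f "$tmp"
}

# On a FreeBSD host, compare the live value with what rc.conf applies at
# boot; on systems without kern.securelevel this block is skipped.
if live=$(sysctl -n kern.securelevel 2>/dev/null) && [ -r /etc/rc.conf ]; then
    boot=$(rc_conf_securelevel /etc/rc.conf)
    echo "live securelevel: $live, rc.conf at boot: $boot"
    if [ "$boot" != unset ]; then
        echo "live -> boot would be: $(securelevel_change_allowed "$live" "$boot")"
    fi
fi
```

The point of the helper is the asymmetry: `securelevel_change_allowed 1 2` returns success and prints `raise`, while `securelevel_change_allowed 2 -1` (the step-down asked about in the quoted question) prints `lower-needs-reboot` and fails, which is exactly what `sysctl kern.securelevel=-1` would do on a running system at level 2.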

