Subject: Re: secure modes...?
To: None <>
From: Thor Lancelot Simon <>
List: current-users
Date: 09/09/2000 15:49:28
On Sat, Sep 09, 2000 at 10:43:00AM -0400, Mason Loring Bliss wrote:
> Hi, all. I'm running 1.5_ALPHA2 (built Thursday) on an i386. Browsing
> around in the init(8) man page, I read:
>      1     Secure mode - system immutable and system append-only flags may not
>            be turned off; disks for mounted filesystems, /dev/mem, and
>            /dev/kmem are read-only.
> I'm running in secure level 1, but I was able to unmount a filesystem on
> my box and change its type with disklabel. Should I have been able to do
> this? This would seem to imply that I could have done pretty much anything
> I liked to the disklabel.

You're right -- disklabel operations, as well as operations on partitions
which overlap mounted partitions, should be prohibited (or, more precisely,
*because* disklabel operations are operations on a partition which overlaps
a mounted partition, they should be prohibited at securelevel 1).

Unfortunately, when I proposed this change there were a large number of
objections.  That's why there's a securelevel 2.