Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Allen Briggs <>
From: Greywolf <>
List: tech-kern
Date: 10/24/2000 14:50:40
On Tue, 24 Oct 2000, Allen Briggs wrote:

# init(8):
# ...
#            Downgrading from highly secure mode to insecure mode (that is, to
#            single-user mode) always requires the root password to be entered
#            on the console, whether the console is marked as 'secure' in
#            /etc/ttys or not.

I think it's time we looked at a securemode thing as a set of flags instead
of a number; I wouldn't mind having all of securemode 2 enabled less this
particular bit, but there's apparently no way to do this short of hacking
on the kernel on my box.

Also, I didn't see anything in there which mentioned, specifically,
locking the sysctl base, which is something that I noticed Jon (and
others?) wanted.

But, on the other hand, upon thinking about this, the format which would
be necessary for being able to tweak things ultimately ends up looking
like a Windoesn't registry.

# -allen

*BSD: Tap The Power.