From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Sep 19 22:01:29 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id WAA70924;
	Wed, 19 Sep 2001 22:01:29 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from souryu.st.ryukoku.ac.jp (souryu.st.ryukoku.ac.jp [133.83.4.51])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id WAA70919
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 19 Sep 2001 22:01:28 +0900 (JST)
	(envelope-from kjm@ideon.st.ryukoku.ac.jp)
Received: from ideon.st.ryukoku.ac.jp (ideon.st.ryukoku.ac.jp [133.83.36.5])
	by souryu.st.ryukoku.ac.jp (Postfix) with ESMTP id 30E491345D
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 19 Sep 2001 22:01:28 +0900 (JST)
Received: from ideon.st.ryukoku.ac.jp (ActionKamen@localhost [127.0.0.1])
	by ideon.st.ryukoku.ac.jp (8.11.3/3.7W/kjm-20010321) with ESMTP id f8JD1SJ17126
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 19 Sep 2001 22:01:28 +0900 (JST)
From: KOJIMA Hajime / =?ISO-2022-JP?B?GyRCPi5FZ0glGyhC?= <kjm@rins.ryukoku.ac.jp>
To: FreeBSD-users-jp@jp.freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Date: Wed, 19 Sep 2001 22:01:28 +0900
Message-ID: <17123.1000904488@ideon.st.ryukoku.ac.jp>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 64378
Subject: [FreeBSD-users-jp 64378] kern_securelevel=1
 =?ISO-2022-JP?B?GyRCJEc9cSQtOX4kYSRKJCQbKEI=?= disks
 for mounted filesystems =?ISO-2022-JP?B?GyRCJEgkTxsoQg==?= ?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: kjm@ideon.st.ryukoku.ac.jp

  4.3-RELEASE $B$N(B init(8) $B$K$O!"(Bkern_securelevel $B$K$D$$$F(B

>  1     $B0BA4$J%b!<%I(B - $BJQ99IT2D%U%i%0$dDI2C$N$_$N%U%i%0$O%*%U$K$G$-$^$;$s!#(B
>        $B%^%&%s%H$5$l$?%U%!%$%k%7%9%F%`$N%G%#%9%/$*$h$S(B /dev/mem $B$d(B
>        /dev/kmem $B$O(B read-only $B$H$J$j$^$9!#%+!<%M%k%b%8%e!<%k(B ( kld(4) $B;2(B
>        $B>H(B) $B$O!"%m!<%I$*$h$S%"%s%m!<%I$G$-$^$;$s!#(B
 
  ($B1Q8l86J8(B)

>  1     Secure mode - the system immutable and system append-only flags may
>        not be turned off; disks for mounted filesystems, /dev/mem, and
>        /dev/kmem may not be opened for writing; kernel modules (see
>        kld(4)) may not be loaded or unloaded.

  $B$H=q$+$l$F$$$^$9!#;d$O$F$C$-$j!V(Bkern_securelevel=1 $B$K$9$k$H%U%!(B
  $B%$%k$X$N=q$-9~$_$O$G$-$J$$!W$N$@$H;W$C$F$$$?$N$G$9$,!"<B:]$K(B
  kern_securelevel=1 $B$K$7$F$_$k$H!"$=$l$O$G$-$F$7$^$$$^$9!#$b$A$m(B
  $B$s!"(Bschg $B$J$I$,IU2C$5$l$F$$$J$$>r7o2<$K$*$$$F!"$G$9$,!#(B

  $B$G$O!"!V%^%&%s%H$5$l$?%U%!%$%k%7%9%F%`$N%G%#%9%/!W$H$O$$$C$?$$2?(B
  $B$J$N$G$7$g$&$+(B?  $B%^%&%s%H$5$l$?%U%!%$%k%7%9%F%`$N2?$,(B may not be
  opened for writing $B$@$H$$$&$N$G$7$g$&$+(B?

  security(7) $B$K$O(B

> $B$3$NLdBj$rHr$1$k$?$a!"%7%9%F%`4IM}<T$O%+!<%M%k$r$h$j9b$$0BA4%l%Y(B
> $B%k(B (securelevel) $B!">/$J$/$H$b0BA4%l%Y%k(B 1 $B$G<B9T$5$;$kI,MW$,$"$j(B
> $B$^$9!#(Bsysctl $B$r;H$C$F(B kern.securelevel $BJQ?t$K0BA4%l%Y%k$r@_Dj$9(B
> $B$k$3$H$,$G$-$^$9!#$R$H$?$S0BA4%l%Y%k$K(B 1 $B$r@_Dj$9$k$H!"(B raw $B%G%P(B
> $B%$%9$KBP$9$k=q$-9~$_%"%/%;%9$O5qH]$5$l!"Nc$($P(B `schg' $B$N$h$&$JFC(B
> $BJL$J(B chflags $B%U%i%0$,8z2L$rH/4x$7$^$9!#(B

  $B$H$"$k$N$G$9$,!"!V%^%&%s%H$5$l$?%U%!%$%k%7%9%F%`$N%G%#%9%/!W(B=
  raw $B%G%P%$%9!"$HM}2r$7$F$h$m$7$$$N$G$7$g$&$+(B?

  $B$I$J$?$+$4B8$8$NJ}!"$*$7$($F$$$?$@$1$J$$$G$7$g$&$+(B?

----
// $B%;%-%e%j%F%#%9%?%8%"%`(B 2001: $B3+:E(B! 9/19-22
// http://sec-stadium.hawkeye.ac/

$B>.Eg(B $BH%(B - KOJIMA Hajime
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/
