From nobody@FreeBSD.org  Sat Oct 14 09:29:51 2006
Message-Id: <200610140929.k9E9Tfuq012198@www.freebsd.org>
Date: Sat, 14 Oct 2006 09:29:41 GMT
From: "Dr. Markus Waldeck"<waldeck@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
X-Send-Pr-Version: www-3.0

>Number:         104403
>Category:       docs
>Synopsis:       man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    keramida
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 14 09:30:32 GMT 2006
>Closed-Date:    Tue Jan 27 16:26:27 UTC 2009
>Last-Modified:  Tue Jan 27 16:30:01 UTC 2009
>Originator:     Dr. Markus Waldeck
>Release:        7.1
>Organization:
>Environment:
FreeBSD fb 7.0-CURRENT-200610 FreeBSD 7.0-CURRENT-200610 #2: Tue Oct 10 06:42:33 CEST 2006     
root@fb:/usr/src/sys/i386/compile/FB70B01  i386

>Description:
man security should mention that the usage of the X Window System is only
possible with kern.securitylevel=-1.
With kern.securitylevel=0 or higher it is not possible to start X.
>How-To-Repeat:
sysctl kern.securitylevel=0 
try to start X
>Fix:
Add the fact in the man page.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-doc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Oct 14 18:57:30 UTC 2006 
Responsible-Changed-Why:  
This is a docs, not misc, PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=104403 

From: Sam Lawrance <lawrance@FreeBSD.org>
To: bug-followup@FreeBSD.org,
 waldeck@gmx.de
Cc:  
Subject: Re: docs/104403: man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
Date: Mon, 6 Nov 2006 00:29:18 +1100

 I don't think the security manpage is the right place for this.   
 Raising securelevel can prevent a lot of things from working, but we  
 can't try to document them all in the manpage.  This issue is already  
 mentioned in the FAQ; maybe a mention in the "X Window System"  
 section of the handbook is worth considering.
 

From: Giorgos Keramidas <keramida@freebsd.org>
To: "Dr. Markus Waldeck" <waldeck@gmx.de>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: docs/104403: man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
Date: Sun, 12 Nov 2006 01:18:11 +0100

 On 2006-10-14 09:29, "Dr. Markus Waldeck" <waldeck@gmx.de> wrote:
 > man security should mention that the usage of the X Window System is
 > only possible with kern.securitylevel=-1.
 >
 > With kern.securitylevel=0 or higher it is not possible to start X.
 
 You can still use `xdm' or a similar way of starting X11, because
 it will be started by init(8) before the securelevel is raised by
 the `/etc/rc.d/securelevel' script.
 
 I don't think this is worth mentioning in security(7), because
 we can't possibly document *ALL* the possible things that can
 fail with a bumped securelevel.
 

From: Giorgos Keramidas <keramida@freebsd.org>
To: Niclas Zeising <lothrandil@n00b.apagnu.se>
Cc: bug-followup@freebsd.org
Subject: Re: docs/104403: man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
Date: Sun, 12 Nov 2006 14:37:44 +0100

 On 2006-11-12 10:52, Niclas Zeising <lothrandil@n00b.apagnu.se> wrote:
 >Giorgos Keramidas wrote:
 >>> With kern.securitylevel=0 or higher it is not possible to start X.
 >>
 >> You can still use `xdm' or a similar way of starting X11, because
 >> it will be started by init(8) before the securelevel is raised by
 >> the `/etc/rc.d/securelevel' script.
 >>
 >> I don't think this is worth mentioning in security(7), because
 >> we can't possibly document *ALL* the possible things that can
 >> fail with a bumped securelevel.
 >
 > It is probably worth mentioning somewhere, as it will avoid some foot
 > shooting from unaware users. One can discuss though that if the extra
 > security provided by the security level is needed, maybe the system
 > shouldn't run X in the first place.
 
 I'm not sure.
 
 Should we also mention that you can't "installworld" with an elevated
 securelevel, because chflags may fail to work and cause problems?
 Should we also mention that not being able to change the firewall rules
 can be tricky, if you are testing your new firewall ruleset, and get
 locked out?
 
 There are *MANY* ways in which an elevated securelevel can turn around
 and bite you in the ass, but do we _really_ have to enumerate them all
 in mind-boggling detail?  ... in a single manpage?
 
 I really don't know.
 

From: Niclas Zeising <lothrandil@n00b.apagnu.se>
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: bug-followup@freebsd.org,  doc@freebsd.org
Subject: Re: docs/104403: man security should mention that the usage of the
 X Window System is only possible with kern.securitylevel=-1
Date: Sun, 12 Nov 2006 14:55:42 +0100

 Giorgos Keramidas wrote:
 > On 2006-11-12 10:52, Niclas Zeising <lothrandil@n00b.apagnu.se> wrote:
 >> Giorgos Keramidas wrote:
 >>>> With kern.securitylevel=0 or higher it is not possible to start X.
 >>> You can still use `xdm' or a similar way of starting X11, because
 >>> it will be started by init(8) before the securelevel is raised by
 >>> the `/etc/rc.d/securelevel' script.
 >>>
 >>> I don't think this is worth mentioning in security(7), because
 >>> we can't possibly document *ALL* the possible things that can
 >>> fail with a bumped securelevel.
 >> It is probably worth mentioning somewhere, as it will avoid some foot
 >> shooting from unaware users. One can discuss though that if the extra
 >> security provided by the security level is needed, maybe the system
 >> shouldn't run X in the first place.
 > 
 > I'm not sure.
 > 
 > Should we also mention that you can't "installworld" with an elevated
 > securelevel, because chflags may fail to work and cause problems?
 > Should we also mention that not being able to change the firewall rules
 > can be tricky, if you are testing your new firewall ruleset, and get
 > locked out?
 > 
 > There are *MANY* ways in which an elevated securelevel can turn around
 > and bite you in the ass, but do we _really_ have to enumerate them all
 > in mind-boggling detail?  ... in a single manpage?
 > 
 > I really don't know.
 > 
 
 I believe they should be documented somewhere, to avoid questions. But 
 you are right in that there are numerous consequences in raising secure 
 levels and that it might be a bit over the top to document them all. 
 Maybe I/we have to face the fact that it's too much and/or unnecessary 
 to document all consequences, and rely on that if a sysadmin feels the 
 need to raise the secure-level he knows what he's doing and the 
 consequences of doing so.
 Maybe the biggest issues in raising secure-level should be mentioned, 
 but then again, who decides which those issues are?
 
 Maybe it's best to leave the documentation regarding this as it is, and 
 give an answer whenever the issue pops up.
 //Niclas

From: Giorgos Keramidas <keramida@FreeBSD.org>
To: Niclas Zeising <lothrandil@n00b.apagnu.se>
Cc: bug-followup@FreeBSD.org
Subject: Re: docs/104403: man security should mention that the usage of the X Window System is only possible with kern.securitylevel=-1
Date: Sun, 12 Nov 2006 15:29:27 +0100

 On 2006-11-12 14:55, Niclas Zeising <lothrandil@n00b.apagnu.se> wrote:
 >Giorgos Keramidas wrote:
 >> I'm not sure.
 >> 
 >> Should we also mention that you can't "installworld" with an elevated
 >> securelevel, because chflags may fail to work and cause problems?
 >> Should we also mention that not being able to change the firewall
 >> rules can be tricky, if you are testing your new firewall ruleset,
 >> and get locked out?
 >> 
 >> There are *MANY* ways in which an elevated securelevel can turn
 >> around and bite you in the ass, but do we _really_ have to enumerate
 >> them all in mind-boggling detail?  ... in a single manpage?
 >> 
 >> I really don't know.
 > 
 > I believe they should be documented somewhere, to avoid questions.
 
 I believe a manpage is not the right place for long, detailed, filled
 with gory details explanation of all the possible scenarios that can go
 wrong.  I mean, there are ways to destroy a system with rm(1) too, but
 we don't have a list of funny, albeit dangerous "rm -fr /" scenarios in
 that manpage too.
 
 This sort of stuff, in my opinion, belongs to a tutorial style guide,
 i.e.  something like a "Mini Guide for Security on FreeBSD".  A manpage
 should be written as a 'reference' guide, but that's only *my* point of
 view.
 
 > But you are right in that there are numerous consequences in raising
 > secure levels and that it might be a bit over the top to document them
 > all.  Maybe I/we have to face the fact that it's too much and/or
 > unnecessary to document all consequences, and rely on that if a
 > sysadmin feels the need to raise the secure-level he knows what he's
 > doing and the consequences of doing so.  Maybe the biggest issues in
 > raising secure-level should be mentioned, but then again, who decides
 > which those issues are?
 
 EXACTLY!
 
 Picking up what level of detail we want to appear in a manpage is not
 easy if we let all the details about all potentially harmful scenarios
 go in.  But if we treat manpages as 'reference' material, then the field
 is much much more clear.
 
 For example, we don't document all the different ways that fgets(3) can
 be abused in its manpage.  We don't document all the potentially stupid
 ways to use scanf(3) in its manpage either.  What we *do* write about in
 most manpages is a `reference guide'.
 
 > Maybe it's best to leave the documentation regarding this as it is,
 > and give an answer whenever the issue pops up.
 
 Or we can expand, extend and clean up the ``Security'' chapter of the
 Handbook, which has the potential and the purpose of being a guide which
 matches both a `tutorial' and `reference' styles (depending on how
 complete and nicely written the relevant sections are, of course).
 
 - Giorgos

From: Niclas Zeising <lothrandil@n00b.apagnu.se>
To: Giorgos Keramidas <keramida@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: docs/104403: man security should mention that the usage of the
 X Window System is only possible with kern.securitylevel=-1
Date: Sun, 12 Nov 2006 15:45:01 +0100

 Giorgos Keramidas wrote:
 > On 2006-11-12 14:55, Niclas Zeising <lothrandil@n00b.apagnu.se> wrote:
 >> Giorgos Keramidas wrote:
 >>> I'm not sure.
 >>>
 >>> Should we also mention that you can't "installworld" with an elevated
 >>> securelevel, because chflags may fail to work and cause problems?
 >>> Should we also mention that not being able to change the firewall
 >>> rules can be tricky, if you are testing your new firewall ruleset,
 >>> and get locked out?
 >>>
 >>> There are *MANY* ways in which an elevated securelevel can turn
 >>> around and bite you in the ass, but do we _really_ have to enumerate
 >>> them all in mind-boggling detail?  ... in a single manpage?
 >>>
 >>> I really don't know.
 >> I believe they should be documented somewhere, to avoid questions.
 > 
 > I believe a manpage is not the right place for long, detailed, filled
 > with gory details explanation of all the possible scenarios that can go
 > wrong.  I mean, there are ways to destroy a system with rm(1) too, but
 > we don't have a list of funny, albeit dangerous "rm -fr /" scenarios in
 > that manpage too.
 
 I was not referring exclusively to a man page, rather that it should be 
 documented somewhere.  I agree with you that a man page is not the right 
 place for this type of documentation, it is more of a reference.  What 
 the man page can have is a reference to documentation which discusses 
 issues etc. in more detail so the user reading the man page knows where 
 to look if the information wasn't enough.
 
 > 
 > This sort of stuff, in my opinion, belongs to a tutorial style guide,
 > i.e.  something like a "Mini Guide for Security on FreeBSD".  A manpage
 > should be written as a 'reference' guide, but that's only *my* point of
 > view.
 
 Yup.
 
 > 
 >> But you are right in that there are numerous consequences in raising
 >> secure levels and that it might be a bit over the top to document them
 >> all.  Maybe I/we have to face the fact that it's too much and/or
 >> unnecessary to document all consequences, and rely on that if a
 >> sysadmin feels the need to raise the secure-level he knows what he's
 >> doing and the consequences of doing so.  Maybe the biggest issues in
 >> raising secure-level should be mentioned, but then again, who decides
 >> which those issues are?
 > 
 > EXACTLY!
 > 
 > Picking up what level of detail we want to appear in a manpage is not
 > easy if we let all the details about all potentially harmful scenarios
 > go in.  But if we treat manpages as 'reference' material, then the field
 > is much much more clear.
 
 True. Everybody just has to agree on that. I think it's a reasonable 
 line to draw: Man pages are references, tutorials and other documents 
 can go into more depth.  Maybe we should state that somewhere?  Or is 
 that to overdo things?
 
 > 
 > For example, we don't document all the different ways that fgets(3) can
 > be abused in its manpage.  We don't document all the potentially stupid
 > ways to use scanf(3) in its manpage either.  What we *do* write about in
 > most manpages is a `reference guide'.
 > 
 >> Maybe it's best to leave the documentation regarding this as it is,
 >> and give an answer whenever the issue pops up.
 > 
 > Or we can expand, extend and clean up the ``Security'' chapter of the
 > Handbook, which has the potential and the purpose of being a guide which
 > matches both a `tutorial' and `reference' styles (depending on how
 > complete and nicely written the relevant sections are, of course).
 
 I can see if I manage to hack some lines together regarding secure 
 level, since I'm already in the security chapter mucking about.
 I just hope I realize when I'm in for too much ;)
 Regards!
 //Niclas
 
Responsible-Changed-From-To: freebsd-doc->keramida 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Tue Jan 27 01:03:16 UTC 2009 
Responsible-Changed-Why:  
Working with Tom on a Handbook patch for this. 

State-Changed-From-To: open->closed 
State-Changed-By: keramida 
State-Changed-When: Tue Jan 27 16:23:59 UTC 2009 
State-Changed-Why:  
I have expanded a bit the description of kern.securelevel in 
the Handbook, including a note about X11 and installworld as 
part of the changes.  Thank you for noticing the original 
problem and reporting it to us :) 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/104403: commit references a PR
Date: Tue, 27 Jan 2009 16:23:59 +0000 (UTC)

 keramida    2009-01-27 16:23:45 UTC
 
   FreeBSD doc repository
 
   Modified files:
     en_US.ISO8859-1/books/handbook/security chapter.sgml 
   Log:
   Expand a bit the description of kern.securelevel in the Handbook,
   adding a note about possible problems with X11 or installworld
   when securelevel >= 1.
   
   PR:             docs/104403
   Submitted by:   Dr. Markus Waldeck, waldeck (at) gmx.de
   Reviewed by:    trhodes
   
   Revision  Changes    Path
   1.333     +59 -19    doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml
 
>Unformatted:
