From m-braithwaite@sjca.edu  Sun Mar  2 21:29:22 1997
Received: from whorfin.sjca.edu (SHnubjtpsux51FWK93cedmTHF/BRIJ8G@whorfin.sjca.edu [199.89.180.2])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA00465
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 2 Mar 1997 21:29:22 -0800 (PST)
Received: from continuity.sjca.edu (slip-f.sjca.edu [199.89.180.254])
	by whorfin.sjca.edu (8.8.5/8.8.5) with ESMTP id AAA18493
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 3 Mar 1997 00:29:14 -0500 (EST)
Received: (mab@localhost) by continuity.sjca.edu (8.7.5/8.6.12) id AAA13107; Mon, 3 Mar 1997 00:30:36 -0500 (EST)
Message-Id: <199703030530.AAA13107@continuity.sjca.edu>
Date: Mon, 3 Mar 1997 00:30:36 -0500 (EST)
From: mab@sjca.edu
Reply-To: m-braithwaite@sjca.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: init(8) man page does not document securelevel properly
X-Send-Pr-Version: 3.2

>Number:         2850
>Category:       docs
>Synopsis:       init(8) man page does not document securelevel properly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar  2 21:30:01 PST 1997
>Closed-Date:    Fri Jun 19 01:36:22 PDT 1998
>Last-Modified:  Fri Jun 19 01:36:56 PDT 1998
>Originator:     Matt Braithwaite
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Matt Braithwaite #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
http://          $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
www.sjca.edu/    2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
ph/m-braithwaite pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
>Environment:
true for -stable up to 2.1.7-RELEASE
>Description:
There are a couple problems with the documentation of kernel security levels:

1) The init(8) manual page states that the kernel boots at securelevel
0.  This isn't true; by default it is set to -1.

2) The interface to changing the security level (editing
/usr/src/sys/kern/kern_sysctl.h or something like that) is not
documented.  Also, the interface stinks, but this is supposed to be a
doc bug. :-)

3) The manual page ought to warn that configuring a kernel to boot at
securelevel 1 or 2 can cause autobooting to fail, because the kernel
will not be able to do fsck on dirty filesystems.  I speak from
experience on this one.

4) Saying that securelevel can be raised to 2 in /etc/rc is a little
vague.  It ought to state at exactly what point in booting securelevel
can be raised---like, say, right at the end.  If you did it before the
filesystem checks, things would be bad.  That would be clueless of
course, but... Really, there should be an /etc/sysconfig interface to
securelevel; this would un-obfuscate things considerably.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: FreeBSD-gnats-submit@FreeBSD.org, mab@sjca.edu
Cc:
Subject: Re: docs/2850: init(8) man page does not document securelevel properly
Date: Mon, 3 Mar 1997 18:19:48 +1100

 Oops, please ignore my half-finished reply to this.
 
 Bruce

From: Bruce Evans <bde@zeta.org.au>
To: FreeBSD-gnats-submit@FreeBSD.org, mab@sjca.edu
Cc:
Subject: Re: docs/2850: init(8) man page does not document securelevel properly
Date: Mon, 3 Mar 1997 18:18:26 +1100

 >There are a couple problems with the documentation of kernel security levels:
 >
 >1) The init(8) manual page states that the kernel boots at securelevel
 >0.  This isn't true; by default it is set to -1.
 
 Fixed in -current.
 
 >2) The interface to changing the security level (editing
 >/usr/src/sys/kern/kern_sysctl.h or something like that) is not
 >documented.  Also, the interface stinks, but this is supposed to be a
 >doc bug. :-)
 
 That's not the interface.  The sysadmin interface is
 `sysctl -w kern.securelevel=whatever'.  This is sort of documented even
 in 2.1.7.  The bit about editing sys/param.c was misleading even before
 the default was changed to -1.  E.g., there's not much point to setting
 the level to > 0 in the kernel, since init will reduce the level to 0
 if the system is shut down to single user mode.
 
 >3) The manual page ought to warn that configuring a kernel to boot at
 >securelevel 1 or 2 can cause autobooting to fail, because the kernel
 >will not be able to do fsck on dirty filesystems.  I speak from
 >experience on this one.
 
 Level 1 should work.  However, level 1 provides no security for disks
 under FreeBSD (although it is supposed to secure mounted partitions).
 
 >4) Saying that securelevel can be raised to 2 in /etc/rc is a little
 >vague.  It ought to state at exactly what point in booting securelevel
 >can be raised---like, say, right at the end.  If you did it before the
 >filesystem checks, things would be bad.  That would be clueless of
 >course, but... Really, there should be an /etc/sysconfig interface to
 >securelevel; this would un-obfuscate things considerably.
 >
 >>How-To-Repeat:
 >>Fix:
 >>Audit-Trail:
 >>Unformatted:
 >
State-Changed-From-To: open->closed 
State-Changed-By: jkoshy 
State-Changed-When: Fri Jun 19 01:36:22 PDT 1998 
State-Changed-Why:  
Fixed in rev 1.11 of "init.8". 
>Unformatted:
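
Added example, not part of the original report and not FreeBSD's own rc code: a shell helper for the end of /etc/rc (after the filesystem checks, per item 4 above) that raises kern.securelevel through the sysctl interface named in the reply and refuses to attempt a lower value. The function name raise_securelevel and the SYSCTL override variable are assumptions made for this sketch; the accepted range -1..2 is the set of levels this thread discusses.

```shell
#!/bin/sh
# Added example. SYSCTL is a hypothetical hook so the helper can be
# exercised against a stub; on a real system it stays "sysctl".
: "${SYSCTL:=sysctl}"

# raise_securelevel TARGET
#   0  level is now TARGET, or was already at or above it
#   1  sysctl failed, or the level did not change as requested
#   2  TARGET is not one of the levels discussed here (-1..2)
raise_securelevel() {
    target=$1
    case $target in
        -1|0|1|2) ;;
        *) echo "securelevel: invalid level '$target'" >&2
           return 2 ;;
    esac

    # Read the running level first: a process other than init can only
    # raise it, so asking for a lower value is reported, not attempted.
    current=$($SYSCTL -n kern.securelevel) || return 1
    if [ "$current" -ge "$target" ]; then
        echo "securelevel: already $current, leaving unchanged" >&2
        return 0
    fi

    $SYSCTL -w kern.securelevel="$target" >/dev/null || return 1

    # Read back and confirm the kernel accepted the new value.
    now=$($SYSCTL -n kern.securelevel) || return 1
    [ "$now" -eq "$target" ]
}

# Intended use, as the last step of /etc/rc once fsck and mounts are done:
#   raise_securelevel 2 || echo "WARNING: securelevel not raised" >&2
```
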
