From maneo@staff.seccuris.com  Sat Oct 25 18:45:00 2003
Return-Path: <maneo@staff.seccuris.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D95B316A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Oct 2003 18:45:00 -0700 (PDT)
Received: from staff.seccuris.com (staff.seccuris.com [204.112.0.40])
	by mx1.FreeBSD.org (Postfix) with SMTP id ED83743F75
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Oct 2003 18:44:57 -0700 (PDT)
	(envelope-from maneo@staff.seccuris.com)
Received: (qmail 41711 invoked by uid 1006); 26 Oct 2003 01:44:56 -0000
Message-Id: <20031026014456.41710.qmail@staff.seccuris.com>
Date: 26 Oct 2003 01:44:56 -0000
From: Christian S.J.Peron <maneo@bsdpro.com>
Reply-To: Christian S.J.Peron <maneo@bsdpro.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] document how system security levels impact klds
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         58546
>Category:       docs
>Synopsis:       [patch] document how system security levels impact klds
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kensmith
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 25 18:50:20 PDT 2003
>Closed-Date:    Sun Oct 26 06:25:36 PST 2003
>Last-Modified:  Sun Oct 26 06:25:36 PST 2003
>Originator:     Christian S.J. Peron
>Release:        FreeBSD 4.8-RELEASE-p13 i386
>Organization:
>Environment:
System: FreeBSD movl 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #1: Sat Oct 25 16:45:55 UTC 2003 cperon@movl:/usr/src/sys/compile/STAFF i386


	
>Description:

The kld(4) manual page does not document how system
security levels can impact the loading and unloading of
kernel modules.


	
>How-To-Repeat:
N/A
>Fix:

--- share/man/man4/kld.4.old	Sat Oct 25 19:38:06 2003
+++ share/man/man4/kld.4	Sat Oct 25 19:57:57 2003
@@ -88,6 +88,10 @@
 .Xr kldstat 8
 program is used to check the status of the modules currently loaded into the
 system.
+.Pp
+Kernel modules may only be loaded or unloaded if the system security level
+.Dq kern.securelevel
+is less than one. 
 .Sh "MODULE TYPES"
 .Bl -ohang
 .It Em "Device Driver modules"
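Review bot: the added line `.Dq kern.securelevel` marks the sysctl name up as a quoted string, but it is a variable name and should use `.Va kern.securelevel`, which is the change the committer reports making when applying the patch. The added line `+is less than one. ` also ends in trailing whitespace, which should be dropped. The sentence gives the condition for loading and unloading but does not say what a caller sees when the security level is one or higher; a short clause stating that the load or unload request is refused would make the paragraph more useful to someone diagnosing a failed kldload.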
@@ -125,7 +129,8 @@
 .Xr devd 8 ,
 .Xr kldload 8 ,
 .Xr kldstat 8 ,
-.Xr kldunload 8
+.Xr kldunload 8 ,
+.Xr sysctl 8
 .Sh BUGS
 If a module B, is dependent on another module A, but is not compiled with
 module A as a dependency, then
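Review bot: the new SEE ALSO entry `.Xr sysctl 8` tells the reader how to inspect kern.securelevel, but nothing in the patch points to where the security levels themselves are described, so the meaning of "less than one" is left to the reader. Consider adding a cross-reference to the manual page that defines the security levels alongside this one. The list punctuation is handled correctly: the comma moved onto `.Xr kldunload 8 ,` and the new last entry has none, and the entries remain in alphabetical order within section 8.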
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->kensmith 
Responsible-Changed-By: kensmith 
Responsible-Changed-When: Sat Oct 25 19:29:12 PDT 2003 
Responsible-Changed-Why:  

I'll do this one, I recently hunted down who needs to review security 
related kernel stuff for another PR. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=58546 
State-Changed-From-To: open->closed 
State-Changed-By: kensmith 
State-Changed-When: Sun Oct 26 06:24:11 PST 2003 
State-Changed-Why:  

Your patch has been committed with one minor change.  I used the ".Va" 
markup for the sysctl variable instead of ".Dq".  Thanks! 


>Unformatted:
