On Fri, Jan 13, 2012 at 07:11:01AM +0000, Chris Rees wrote:
> On 12 January 2012 23:44, David O'Brien <[email protected]> wrote:
> > 'LOGIN' states:
> >     This is a dummy dependency to ensure user services such as xdm,
> >     inetd, cron and kerberos are started after everything else, in
> >     case the administrator has increased the system security level
> >     and wants to delay user logins until the system is (almost) fully
> >     operational.
> >
> > So based on that, 'securelevel' should have:
> > +# REQUIRE: sysctl
> > +# BEFORE: ?LOGIN
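Review bot: on the `BEFORE:` line, the `?` in front of `LOGIN` looks like a mangled whitespace character rather than part of the name; the keyword should read `# BEFORE: LOGIN` so the ordering attaches to the LOGIN placeholder quoted above. It would also help to put the reason in a comment next to these two lines (user services such as cron must not start before the securelevel is raised), so the dependency is not dropped later as unneeded.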
> > Otherwise a cronjob could act against securelevel=1+ for a short period
> > of time.
>
> Hm, but what if I have an @reboot line in crontab, that relies on
> securelevel <1?
Can you give an example?
$ man cron | grep @reboot
{empty}
$ man crontab | grep @reboot
{empty}
> Can't we change the wording in the docs instead?
We could, but that would sweep what I feel may be a security issue under
the rug.
--
-- David ([email protected])