netbsd-users: securelevel

Subject: securelevel
To: None <netbsd-users@NetBSD.org>
From: Aiko Barz <aiko@haeckser.de>
List: netbsd-users
Date: 10/24/2005 15:36:44

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA6D14E5B921A6BE3042EAB44
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I couldn't find any useful informations on the NetBSD website.
(http://www.google.com/search?q=site:www.netbsd.org+securelevel)

I did "echo securelevel=1 >> /etc/rc.conf". Am I right, that it is now
impossible to load any modules or write to /dev/mem or /dev/kmem?

Imho this is a keyfeature and could be part of the FAQ.
If you want to do this with Linux you have to disable module-support at
all. Furthermore you need the grsecurity[1] patch to disable write
access to /dev/mem and /dev/kmem.

Bye,
	Aiko

[1]: http://www.grsecurity.com/ (Latest stable patch is for 2.6.11.12.)
-- 
Aiko Barz <aiko@haeckser.de>
Web: http://www.haeckser.de

--------------enigA6D14E5B921A6BE3042EAB44
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDXOObpffSm174ExcRA52PAJ9I8d03p7nu3iK0APcVfRMdwwD+JgCfS7TP
QDFJqbb1GdrPIVaHPQH2N2Y=
=1rxu
-----END PGP SIGNATURE-----

--------------enigA6D14E5B921A6BE3042EAB44--