[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [obsdfr-misc] Mise à jour

From: Francois Visconte <fv AT kh3 POINT org>
To: openbsd-france-misc AT openbsd-france POINT org, crem_crem AT hotmail POINT com
Subject: Re: [obsdfr-misc] Mise à jour
Date: Tue, 17 Oct 2006 16:23:36 +0200

Désolé pour la démultiplication des mails , mais j'aimerais faire unederniere précision pour ceux qui veulent aller au fond des choses:


" raw disk devices are always read-only whether mounted or not":

165 miscfs/specfs/spec_vnops.c 			if (securelevel >= 2 && cdevsw[maj].d_type == D_DISK)
199 miscfs/specfs/spec_vnops.c 		if (securelevel >= 2 && ap->a_cred != FSCRED &&

"settimeofday(2) and clock_settime(2) may not set the time backwards or close to overflow" :

95 kern/kern_time.c 	if (securelevel > 1 && timespeccmp(ts, &now, <)) {
141 kern/kern_time.c 	if (securelevel > 1 && timercmp(tv, &time, <)) {


" pf(4) filter and NAT rules may not be altered"

1194 net/pf_ioctl.c 	if (securelevel > 1)


"the ddb.console and ddb.panic sysctl(8) variables may not be raised":

Autres:Pas de ioctl sur les IOP devices (iop(4)):


2358 dev/i2o/iop.c  	if (securelevel >= 2)

Ne permet pas un securelevel inférieure (sauf par le programme init) :323 kern/kern_sysctl.c level < securelevel && p->p_pid != 1)




J'en ai surement oublié mais bon....

(cf. http://www.codespelunking.org/openbsd-current/htags/Y/58877.html)

A+

François

References:
- Mise à jour
  - From: tempus
- Re: [obsdfr-misc] Mise à jour
  - From: tempus
- Re: [obsdfr-misc] Mise à jour
  - From: Cabillot Julien
- Re: [obsdfr-misc] Mise à jour
  - From: tempus

Prev by Date: Votre avis
Next by Date: Intel PRO/1000 GT Quad-Port Server ne marche pas
Previous by thread: Re: [obsdfr-misc] Mise à jour
Next by thread: Re: [obsdfr-misc] Mise à jour
Index(es):
- Date
- Thread