diff options
| -rw-r--r-- | share/man/man4/options.4 | 21 | ||||
| -rw-r--r-- | share/man/man7/securelevel.7 | 7 | ||||
| -rw-r--r-- | sys/arch/alpha/alpha/machdep.c | 6 | ||||
| -rw-r--r-- | sys/arch/amd64/amd64/machdep.c | 6 | ||||
| -rw-r--r-- | sys/arch/i386/i386/machdep.c | 6 | ||||
| -rw-r--r-- | sys/arch/macppc/macppc/machdep.c | 6 | ||||
| -rw-r--r-- | sys/arch/socppc/socppc/machdep.c | 6 | ||||
| -rw-r--r-- | sys/arch/sparc64/sparc64/machdep.c | 6 | ||||
| -rw-r--r-- | sys/conf/GENERIC | 4 |
9 files changed, 11 insertions, 57 deletions
diff --git a/share/man/man4/options.4 b/share/man/man4/options.4 index 3bda2e733ea..7d9ecf9baab 100644 --- a/share/man/man4/options.4 +++ b/share/man/man4/options.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: options.4,v 1.243 2016/03/10 08:56:46 jmc Exp $ +.\" $OpenBSD: options.4,v 1.244 2016/09/18 14:28:04 deraadt Exp $ .\" $NetBSD: options.4,v 1.21 1997/06/25 03:13:00 thorpej Exp $ .\" .\" Copyright (c) 1998 Theo de Raadt @@ -34,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" -.Dd $Mdocdate: March 10 2016 $ +.Dd $Mdocdate: September 18 2016 $ .Dt OPTIONS 4 .Os .Sh NAME @@ -341,23 +341,6 @@ While not IP specific, this option is usually used in conjunction with option .Em IPSEC . .It Cd option EISAVERBOSE Makes the boot process more verbose for EISA peripherals. -.It Cd option INSECURE -Hardwires the kernel security level at \-1. -This means that the system always runs in securelevel 0 mode, even when -running multiuser. -See -.Xr init 8 -for details on the implications of this. -The kernel secure level may be manipulated by the superuser by altering the -.Em kern.securelevel -sysctl variable. -(It should be noted that the securelevel may only be lowered by a call from -process ID 1, i.e., -.Xr init 8 . ) -See also -.Xr sysctl 8 -and -.Xr sysctl 3 . .It Cd option KMEMSTATS The kernel memory allocator, .Xr malloc 9 , diff --git a/share/man/man7/securelevel.7 b/share/man/man7/securelevel.7 index 779c0c18e2c..3268148dff3 100644 --- a/share/man/man7/securelevel.7 +++ b/share/man/man7/securelevel.7 @@ -1,4 +1,4 @@ -.\" $OpenBSD: securelevel.7,v 1.25 2014/10/09 04:23:04 tedu Exp $ +.\" $OpenBSD: securelevel.7,v 1.26 2016/09/18 14:28:05 deraadt Exp $ .\" .\" Copyright (c) 2000 Hugh Graham .\" @@ -23,7 +23,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 9 2014 $ +.Dd $Mdocdate: September 18 2016 $ .Dt SECURELEVEL 7 .Os .Sh NAME @@ -136,9 +136,6 @@ variable. However, only .Xr init 8 may lower it once the system has entered secure mode. -A kernel built with -.Cm option INSECURE -in the config file will default to permanently insecure mode. .Pp Highly secure mode may seem Draconian, but is intended as a last line of defence should the superuser account be compromised. diff --git a/sys/arch/alpha/alpha/machdep.c b/sys/arch/alpha/alpha/machdep.c index 84b92688741..6c3f58edb9c 100644 --- a/sys/arch/alpha/alpha/machdep.c +++ b/sys/arch/alpha/alpha/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.174 2016/05/21 00:56:41 deraadt Exp $ */ +/* $OpenBSD: machdep.c,v 1.175 2016/09/18 14:28:04 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.210 2000/06/01 17:12:38 thorpej Exp $ */ /*- @@ -150,12 +150,8 @@ struct vm_map *phys_map = NULL; int safepri = 0; #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif int totalphysmem; /* total amount of physical memory in system */ int physmem; /* physical mem used by OpenBSD + some rsvd */ diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c index de9f481a2d4..e647da58c48 100644 --- a/sys/arch/amd64/amd64/machdep.c +++ b/sys/arch/amd64/amd64/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.221 2016/05/21 00:56:43 deraadt Exp $ */ +/* $OpenBSD: machdep.c,v 1.222 2016/09/18 14:28:24 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $ */ /*- @@ -284,12 +284,8 @@ void kgdb_port_init(void); #endif /* KGDB */ #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif /* * Machine-dependent startup code diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c index 4c88c1c09b7..bbb25ab7d2e 100644 --- a/sys/arch/i386/i386/machdep.c +++ b/sys/arch/i386/i386/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.589 2016/09/03 12:12:43 mlarkin Exp $ */ +/* $OpenBSD: machdep.c,v 1.590 2016/09/18 14:28:25 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */ /*- @@ -302,12 +302,8 @@ void kgdb_port_init(void); #endif /* KGDB */ #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif int has_rdrand; int has_rdseed; diff --git a/sys/arch/macppc/macppc/machdep.c b/sys/arch/macppc/macppc/machdep.c index 8467e3549b0..62630677c75 100644 --- a/sys/arch/macppc/macppc/machdep.c +++ b/sys/arch/macppc/macppc/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.177 2016/09/15 02:00:17 dlg Exp $ */ +/* $OpenBSD: machdep.c,v 1.178 2016/09/18 14:28:25 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.4 1996/10/16 19:33:11 ws Exp $ */ /* @@ -115,12 +115,8 @@ void * startsym, *endsym; #endif #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif void dumpsys(void); int lcsplx(int ipl); /* called from LCore */ diff --git a/sys/arch/socppc/socppc/machdep.c b/sys/arch/socppc/socppc/machdep.c index 9ca13c52098..2c11cab8c1b 100644 --- a/sys/arch/socppc/socppc/machdep.c +++ b/sys/arch/socppc/socppc/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.69 2016/05/23 18:14:47 deraadt Exp $ */ +/* $OpenBSD: machdep.c,v 1.70 2016/09/18 14:28:25 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.4 1996/10/16 19:33:11 ws Exp $ */ /* @@ -108,12 +108,8 @@ extern struct bd_info **fwargsave; extern struct fdt_head *fwfdtsave; #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif void dumpsys(void); int lcsplx(int ipl); diff --git a/sys/arch/sparc64/sparc64/machdep.c b/sys/arch/sparc64/sparc64/machdep.c index 142237c9074..c8636f762b2 100644 --- a/sys/arch/sparc64/sparc64/machdep.c +++ b/sys/arch/sparc64/sparc64/machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: machdep.c,v 1.178 2016/07/16 08:53:38 tom Exp $ */ +/* $OpenBSD: machdep.c,v 1.179 2016/09/18 14:28:25 deraadt Exp $ */ /* $NetBSD: machdep.c,v 1.108 2001/07/24 19:30:14 eeh Exp $ */ /*- @@ -171,12 +171,8 @@ extern caddr_t msgbufaddr; int sparc_led_blink = 1; #ifdef APERTURE -#ifdef INSECURE -int allowaperture = 1; -#else int allowaperture = 0; #endif -#endif extern int ceccerrs; extern int64_t cecclast; diff --git a/sys/conf/GENERIC b/sys/conf/GENERIC index d3b9178e9ef..b1ce195f70c 100644 --- a/sys/conf/GENERIC +++ b/sys/conf/GENERIC @@ -1,10 +1,8 @@ -# $OpenBSD: GENERIC,v 1.234 2016/09/16 19:13:17 jasper Exp $ +# $OpenBSD: GENERIC,v 1.235 2016/09/18 14:28:05 deraadt Exp $ # # Machine-independent option; used by all architectures for their # GENERIC kernel -#option INSECURE # default to secure - option DDB # in-kernel debugger #option DDBPROF # ddb(4) based profiling #option DDBCTF # DDB support for CTF |