From owner-freebsd-security  Sun Jun 20  0:12:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zip.com.au (zipper.zip.com.au [203.12.97.1])
	by hub.freebsd.org (Postfix) with ESMTP id 228AA14E31
	for <freebsd-security@FreeBSD.ORG>; Sun, 20 Jun 1999 00:12:29 -0700 (PDT)
	(envelope-from ncb@zip.com.au)
Received: from localhost (ncb@localhost)
	by zip.com.au (8.9.1/8.9.1) with ESMTP id RAA17608;
	Sun, 20 Jun 1999 17:13:29 +1000
Date: Sun, 20 Jun 1999 17:13:27 +1000 (EST)
From: Nicholas Brawn <ncb@zip.com.au>
To: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>
Cc: Darren Reed <avalon@coombs.anu.edu.au>,
	freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
In-Reply-To: <Pine.BSF.4.05.9906192235070.70357-100000@smarter.than.nu>
Message-ID: <Pine.LNX.4.05.9906201710460.17277-100000@zipper.zip.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 19 Jun 1999, Brian W. Buchanan wrote:

> Anyway, this all boils down to a matter of choice.  If you value being
> able to restart daemons without rebooting, then don't use this level of
> protection.

Here's an idea i'll toss into the ring. What about runtime integrity
checks. If there were some way of guaranteeing that a program being
executed has the correct checksum prior to processing execve()?

I'm not advocating this line of approach, but it may be one option to
consider. 

Nick



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message