Date: Mon, 23 Apr 2001 09:53:09 -0500
From: Rich Neswold <neswold@fnal.gov>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Protecting IPFW kernel variables...
Message-ID: <20010423095308.A81556@spiv.fnal.gov>
In-Reply-To: <200104181831.UAA49728@info.iet.unipi.it>; from luigi@info.iet.unipi.it on Wed, Apr 18, 2001 at 08:31:45PM +0200
References: <20010418113053.A34196@spiv.fnal.gov> <200104181831.UAA49728@info.iet.unipi.it>
If memory serves, didn't Luigi Rizzo say:
> > I noticed, however, that even at this secure level, I can still open my
> > firewall by using sysctl!
> >
> > The following patch corrects this:
> >
> I think it is a bit late for 4.3 also given that CTLFLAG_SECURE is not
> used anywhere.
If the kernel secure level is >= 0, then my patch would also prevent the
system administrator from turning on the firewall (provided it was off
before increasing the kernel secure level.)
I'm going to upgrade my systems to 4.3 and try this patch out for a while
before committing it.
--
Rich
------------------------------------------------------------------------
Richard Neswold, Beams Division / Controls Dept | neswold@fnal.gov
Fermilab, PO Box 500, MS 360, Batavia, IL 60510 | voice 1.630.840.3454
| fax 1.630.840.3093
