Date: Sun, 14 Jun 1998 22:38:55 +0100
From: njs3@doc.ic.ac.uk (Niall Smart)
To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>, security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question
Message-ID: <E0ylKUJ-0001MS-00@oak71.doc.ic.ac.uk>
In-Reply-To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu> "Re: bsd securelevel patch question" (Jun 14, 4:20pm)

On Jun 14, 4:20pm, "Angelos D. Keromytis" wrote:
} Subject: Re: bsd securelevel patch question
>
> I think the right question is to ask "what use are securelevels ?"
> They're ultimately flawed, so what's the point in trying to fix such
> bugs ? Is anyone really using securelevels anyway ?

I think you've got to ask two questions:

1) do they noticeably improve security?
2) can we replace them with something better?

The answer to both questions is yes. However, answering "yes" to "can we replace them with something better?" isn't quite the same thing as going out and actually spending the time designing and implementing the replacement. Apart from the actual amount of work required, there are other considerations which may make a replacement less attractive when compared to secure levels, such as compatibility with legacy code, the new security bugs that will be introduced during the implementation of such a complex system and the manageability aspects of a fine-grained security policy.

When something better than secure levels comes out, I'll use it, but till then secure levels remain useful to me and others. On that note, look at http://www.enteract.com/~tqbf/harden.html.

Niall

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message