From owner-freebsd-security Sun Jun 20 10:43:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from funbox.demon.co.uk (funbox.demon.co.uk [158.152.85.52]) by hub.freebsd.org (Postfix) with SMTP id 036DA14F05 for ; Sun, 20 Jun 1999 10:43:03 -0700 (PDT) (envelope-from dev.null@funbox.demon.co.uk) Received: from funbox.demon.co.uk, ID 376D27ED-0180, Sun, 20 Jun 1999 17:42:05 UTC To: freebsd-security@freebsd.org From: dev.null@funbox.demon.co.uk X-Date: Sun, 20 Jun 1999 18:42:04 +0100 Subject: Re: proposed secure-level 4 patch Message-ID: <376D27ED.0180@funbox.demon.co.uk> Date: Sun, 20 Jun 1999 18:42:05 +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Eivind wrote: > I think using securelevel 4 for this is a bad idea. I believe the > right thing to do with securelevels is to start splitting them into a > set of different sysctls, where each individual feature can be turned > off. It is convenient to have a set of sysctls you can use to "turn > off everything" (like securelevel does today). Agreed! Another way of doing that might be to use a bit vector to specify the securelevel. It would be closer in syntax to the current method, and would give the desired flexibility and control over the individual capabilitiies. Thoughts about a bit vector, anyone? Tim -- Tim Jackson (PGP key available) ________________________________________________________________________ please reply to: t i m . j @ f u n b o x . d e m o n . c o . u k To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message