Date:      Sun, 20 Jun 1999 13:19:31 -0700 (PDT)
From:      "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>
To:        Eivind Eklund <eivind@FreeBSD.ORG>
Cc:        FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject:   Re: proposed secure-level 4 patch
Message-ID:  <Pine.BSF.4.05.9906201312120.70357-100000@smarter.than.nu>
In-Reply-To: <19990620180356.J63035@bitbox.follo.net>

On Sun, 20 Jun 1999, Eivind Eklund wrote:

> On Sat, Jun 19, 1999 at 12:56:19AM -0500, Frank Tobin wrote:
> > Okay, a good friend of mine Kris Wehner has written a patch to implement
> > the proposed securelevel of 4, which would disallow the opening of
> > secure ports (<1024) while in the securelevel of 4.  The patch is against
> > 3.2-STABLE kernel, as of within 12 hours.  I'd like to hear more comments
> > before I send it as a send-pr.  The patch is attached.
> 
> I think using securelevel 4 for this is a bad idea.  I believe the
> right thing to do with securelevels is to start splitting them into a
> set of different sysctls, where each individual feature can be turned
> off.  It is convenient to have a set of sysctls you can use to "turn
> off everything" (like securelevel does today).
> 
> However, to apply a "full securelevel" to a box is difficult; the
> ability to throw away single capabilities could be very useful.

I considered suggesting this last night, then realized that applying only
the effect added by securelevel 3 or the proposed level 4 would be
ineffective, as it's easily circumvented through loading a custom kernel
module, writing to /dev/kmem, etc.  Blocking the binding of low ports
would be ineffective without restrictions on changing IPFW rules, as IIRC
IPFW rules can be used to redirect packets from one port to another.

For what we have now and for the proposed securelevel 4, I'd say that the
current system makes sense.  If we did start to add security features that
are orthogonal to the present ones, however, I'd agree that they should
be separate sysctl knobs.  Securelevel 2 would still be pretty much
mandatory for enforcing any other restrictions on root, though.

-- 
Brian Buchanan                                     brian@CSUA.Berkeley.EDU
--------------------------------------------------------------------------
FreeBSD - The Power to Serve!                       http://www.freebsd.org

daemon(n): 1. an attendant power or spirit : GENIUS
           2. the cute little mascot of the FreeBSD operating system
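The argument above (a low-port restriction is worthless while root can still load a kernel module, write /dev/kmem or rewrite IPFW rules) is a dependency argument, and it is easier to reason about once the bypass relationships are written down. The following is an added example, not FreeBSD code and not code from anyone in the thread: it models each proposed knob as a node whose effectiveness depends on the knobs that close its bypasses, and computes which knobs in a given set actually hold. The knob names and the bypass edges are assumptions taken from the discussion, not from the kernel.

```python
"""Bypass-dependency model of split securelevel knobs (added example).

A restriction on root is only effective if every way around it is also
closed.  The knob names and the edges below are assumptions distilled from
the mailing-list discussion, not real sysctl names.
"""

# restriction -> restrictions that must also hold, otherwise it can be bypassed
BYPASSES = {
    # Blocking binds to ports < 1024 is bypassed by loading a custom kernel
    # module, by patching the kernel through /dev/kmem, or by using IPFW to
    # redirect traffic from a low port to a high one.
    "no_lowport_bind": {"no_kld_load", "no_kmem_write", "no_ipfw_change"},
    # Freezing IPFW rules is itself bypassed through the kernel.
    "no_ipfw_change": {"no_kld_load", "no_kmem_write"},
    # The two kernel-integrity knobs protect each other (a loaded module can
    # re-enable kmem writes, and a kmem write can re-enable module loading),
    # which is the "securelevel 2 is mandatory" point in the message.
    "no_kld_load": {"no_kmem_write"},
    "no_kmem_write": {"no_kld_load"},
}


def effective(enabled):
    """Return the subset of `enabled` that cannot be bypassed.

    Greatest fixpoint: repeatedly drop any knob whose bypass-closing knobs are
    not all still in the set.  The mutual no_kld_load/no_kmem_write edge is a
    cycle, so both survive only when both are enabled.
    """
    ok = set(enabled)
    changed = True
    while changed:
        changed = False
        for knob in list(ok):
            if not BYPASSES.get(knob, set()) <= ok:
                ok.discard(knob)
                changed = True
    return ok


def missing_for(target, enabled=()):
    """Transitive set of knobs that `target` needs and that are not enabled."""
    need, stack = set(), [target]
    while stack:
        knob = stack.pop()
        for dep in BYPASSES.get(knob, ()):
            if dep not in need:
                need.add(dep)
                stack.append(dep)
    need.discard(target)
    return need - set(enabled)


def report(enabled):
    """Human-readable summary of which enabled knobs hold and which do not."""
    lines = []
    held = effective(enabled)
    for knob in sorted(enabled):
        if knob in held:
            lines.append(f"{knob}: effective")
        else:
            gaps = ", ".join(sorted(missing_for(knob, enabled)))
            lines.append(f"{knob}: BYPASSABLE (also needs: {gaps})")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed scenario: the proposed "level 4" restriction switched on
    # by itself, exactly the case the message argues is ineffective.
    print(report({"no_lowport_bind"}))
    print("---")
    print(report({"no_lowport_bind", "no_ipfw_change",
                  "no_kld_load", "no_kmem_write"}))
```

Run as-is it shows the single-knob case collapsing to nothing effective, and the same knob holding once the kernel-integrity and IPFW knobs are set alongside it. Adding a real knob to the model is just a matter of writing down what bypasses it, which is the exercise a split-sysctl design forces anyway.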
