Date:      Sun, 20 Jun 1999 22:58:44 -0600
From:      Warner Losh <imp@harmony.village.org>
To:        Eivind Eklund <eivind@FreeBSD.ORG>
Cc:        "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>, FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG>
Subject:   Re: proposed secure-level 4 patch 
Message-ID:  <199906210458.WAA95598@harmony.village.org>
In-Reply-To: Your message of "Sun, 20 Jun 1999 22:37:57 +0200." <19990620223757.K63035@bitbox.follo.net>
References:  <19990620223757.K63035@bitbox.follo.net>  <19990620180356.J63035@bitbox.follo.net> <Pine.BSF.4.05.9906201312120.70357-100000@smarter.than.nu> 

-----BEGIN PGP SIGNED MESSAGE-----

In message <19990620223757.K63035@bitbox.follo.net> Eivind Eklund writes:
: I won't go so far as to say that the introduction of securelevel 4 is
: a regression (it is nice functionality when you want to truly secure a
: box), but it would be much better if it came after having made
: "securelevel" a set of orthogonal switches.

I would go that far, or at least say that it isn't a desirable
progression.  A more general, and useful, feature would be to have
some sysctls that become readonly at secure level 2 or greater.  I
could also be talked into making this a separate sysctl which once set
cannot be unset.

This would allow me to turn off binding of ports, turning on secure
ports, turning other features on/off with a finer toothed comb.  I do
not think that the proposed secure level 4 would materially improve
security and strikes me as a kludge.  I do agree that there needs to
be a secure way to keep it off once off, but secure level 4 isn't it.

Speaking on the implementation issues, it would be sufficient to add a
bit in the type field for the SYSCTL_PROC function.  This bit would be
checked before allowing the sysctl to be written.  That strikes me as a
much more useful way to do this.

This issue was beaten to death in the NetBSD lists recently.  I
believe it was der Mouse that proposed this in (I think)
netbsd-security.

After secure level 2 the desired security features become more
orthogonal.

Warner
FreeBSD security officer.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBN23Ggdxynu/2qPVhAQHZUwP6AmRkKONv7MXgPH079gC4BEXY58o8D/0K
K3COjWPMOtReNF7jh88QZVncqldQrif0UGgz2CC2O/sqTJw8l2Bcnv+9rcwqEevV
e9+LkptKSR6ea9cluwtvja6X40Zqzs1FqPljDyabzT2wZXmlqv8FQlTrus/IJ12Z
GAzO+FZ8rTY=
=3uCm
-----END PGP SIGNATURE-----
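The mechanism Warner sketches, a flag bit in a sysctl node's type field that the write path checks against the current securelevel, as an added toy model in C. This is illustrative code written for this archive page, not FreeBSD's sysctl implementation; the node table, the sysctl names, and the flag name CTLFLAG_SECURE2 are all constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a sysctl table. The type field carries both the value
 * type and flag bits; one hypothetical bit (CTLFLAG_SECURE2) marks a
 * knob that becomes read-only once securelevel reaches 2 or greater. */
#define CTLTYPE_INT      0x01
#define CTLFLAG_WR       0x10   /* writable by root in the normal case   */
#define CTLFLAG_SECURE2  0x20   /* hypothetical: frozen at securelevel>=2 */

struct sysctl_node {
    const char *name;
    int type;     /* CTLTYPE_* | CTLFLAG_* bits */
    int value;
};

/* Kernel-wide securelevel; starts at 0 (insecure mode). */
static int securelevel = 0;

/* Constructed sample nodes: one security-relevant knob, one ordinary one. */
static struct sysctl_node nodes[] = {
    { "net.example.bind_low_ports", CTLTYPE_INT | CTLFLAG_WR | CTLFLAG_SECURE2, 1 },
    { "kern.example.maxfiles",      CTLTYPE_INT | CTLFLAG_WR,                   1064 },
};

static struct sysctl_node *lookup(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(nodes) / sizeof(nodes[0]); i++)
        if (strcmp(nodes[i].name, name) == 0)
            return &nodes[i];
    return NULL;
}

/* Securelevel only ever goes up; lowering it returns EPERM, as in the
 * real kernel's one-way semantics. */
int set_securelevel(int level)
{
    if (level < securelevel)
        return EPERM;
    securelevel = level;
    return 0;
}

int get_securelevel(void)
{
    return securelevel;
}

/* Write path: the flag bit is consulted before the value is changed.
 * Returns 0 on success or an errno value on refusal. */
int sysctl_write(const char *name, int newval)
{
    struct sysctl_node *n = lookup(name);
    if (n == NULL)
        return ENOENT;
    if (!(n->type & CTLFLAG_WR))
        return EPERM;
    if ((n->type & CTLFLAG_SECURE2) && securelevel >= 2)
        return EPERM;   /* frozen: the box is in secure mode */
    n->value = newval;
    return 0;
}

int sysctl_read(const char *name, int *out)
{
    struct sysctl_node *n = lookup(name);
    if (n == NULL)
        return ENOENT;
    *out = n->value;
    return 0;
}

int main(void)
{
    int v;
    printf("write at level 0: %d\n", sysctl_write("net.example.bind_low_ports", 0));
    set_securelevel(2);
    printf("write at level 2: %d (EPERM=%d)\n",
           sysctl_write("net.example.bind_low_ports", 1), EPERM);
    sysctl_read("net.example.bind_low_ports", &v);
    printf("value still %d; unflagged knob write: %d\n",
           v, sysctl_write("kern.example.maxfiles", 2048));
    return 0;
}
```

The point of the model is that the decision lives on the individual node, so an administrator freezes exactly the knobs that matter rather than the whole system flipping behaviour at one extra securelevel; an unflagged node such as the maxfiles knob keeps working at level 2.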
