Date:      Mon, 21 Jun 1999 15:08:01 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        imp@harmony.village.org (Warner Losh)
Cc:        eivind@FreeBSD.ORG, brian@CSUA.Berkeley.EDU, freebsd-security@FreeBSD.ORG
Subject:   Re: proposed secure-level 4 patch
Message-ID:  <199906210508.PAA15117@cheops.anu.edu.au>
In-Reply-To: <199906210458.WAA95598@harmony.village.org> from "Warner Losh" at Jun 20, 99 10:58:44 pm

FWIW, Solaris2's TCP allows you to define the top and bottom of this
range, so if you made it 1-1 or similar, anyone could bind to anything.

Maybe FreeBSD should do something similar?  Sort of like the reverse
of defining the top and bottom of the anonymous-port range.

In some mail from Warner Losh, sie said:
> 
> In message <19990620223757.K63035@bitbox.follo.net> Eivind Eklund writes:
> : I won't go so far as to say that the introduction of securelevel 4 is
> : a regression (it is nice functionality when you want to truly secure a
> : box), but it would be much better if it came after having made
> : "securelevel" a set of orthogonal switches.
> 
> I would go that far, or at least say that it isn't a desirable
> progression.  A more general, and useful, feature would be to have
> some sysctls that become readonly at secure level 2 or greater.  I
> could also be talked into making this a separate sysctl which once set
> cannot be unset.
> 
> This would allow me to turn off binding of ports, turning on secure
> ports, turning other features on/off with a finer toothed comb.  I do
> not think that the proposed secure level 4 would materially improve
> security and strikes me as a kludge.  I do agree that there needs to
> be a secure way to keep it off once off, but secure level 4 isn't it.
> 
> Speaking on the implementation issues, it would be sufficient to add a
> bit in the type field for the SYSCTL_PROC function.  This bit would be
> checked before allowing the sysctl to be written.  That strikes me as a
> much more useful way to do this.
> 
> This issue was beaten to death in the NetBSD lists recently.  I
> believe it was der Mouse that proposed this in (I think)
> netbsd-security.
> 
> After secure level 2 the desired security features become more
> orthogonal.
> 
> Warner
> FreeBSD security officer.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
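
A userland C model of the two ideas in this thread, added here as an illustration and not code from FreeBSD or from either poster: a per-node flag bit checked on every write (with a one-way variant), and a reserved-port range whose bounds are themselves tunables. The node names, flag names and functions are all hypothetical.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical per-node flag bits (the "bit in the type field"). */
#define CTL_SECURE2 0x1 /* read-only once securelevel >= 2 */
#define CTL_LATCH   0x2 /* one-way switch: once non-zero, cannot be cleared */

struct ctl_node { const char *name; unsigned flags; int value; };

static int securelevel = -1; /* may only be raised, never lowered */

/* Hypothetical nodes: a tunable reserved-port range and a one-way switch. */
static struct ctl_node nodes[] = {
    { "demo.reserved_low",  CTL_SECURE2, 1 },
    { "demo.reserved_high", CTL_SECURE2, 1023 },
    { "demo.no_new_binds",  CTL_LATCH,   0 },
};

static struct ctl_node *ctl_find(const char *name) {
    for (size_t i = 0; i < sizeof(nodes) / sizeof(nodes[0]); i++)
        if (strcmp(nodes[i].name, name) == 0) return &nodes[i];
    return NULL;
}

int ctl_raise_securelevel(int level) {
    if (level < securelevel) return EPERM;
    securelevel = level;
    return 0;
}

/* Every write passes through these checks, root included. */
int ctl_write(const char *name, int newval, int is_root) {
    struct ctl_node *n = ctl_find(name);
    if (n == NULL) return ENOENT;
    if (!is_root) return EPERM;
    if ((n->flags & CTL_SECURE2) && securelevel >= 2) return EPERM;
    if ((n->flags & CTL_LATCH) && n->value != 0 && newval == 0) return EPERM;
    n->value = newval;
    return 0;
}

/* Does binding this port need root under the current range? */
int port_needs_root(int port) {
    return port >= ctl_find("demo.reserved_low")->value &&
           port <= ctl_find("demo.reserved_high")->value;
}
```

Each policy lives in a flag on the node rather than in a new global level, so the range can be frozen at securelevel 2 while the one-way switch is flipped at any time.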


