From owner-freebsd-security Sun Jun 20 22: 8:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id 1322A14D7A; Sun, 20 Jun 1999 22:08:23 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id PAA15117; Mon, 21 Jun 1999 15:08:01 +1000 (EST)
From: Darren Reed
Message-Id: <199906210508.PAA15117@cheops.anu.edu.au>
Subject: Re: proposed secure-level 4 patch
To: imp@harmony.village.org (Warner Losh)
Date: Mon, 21 Jun 1999 15:08:01 +1000 (EST)
Cc: eivind@FreeBSD.ORG, brian@CSUA.Berkeley.EDU, freebsd-security@FreeBSD.ORG
In-Reply-To: <199906210458.WAA95598@harmony.village.org> from "Warner Losh" at Jun 20, 99 10:58:44 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

FWIW, Solaris2's TCP allows you to define the top and bottom of this
range, so if you made it 1-1 or similar, anyone could bind to anything.
Maybe freebsd should do something similar ??  Sort of like the reverse
of defining the top and bottom of the anonymous-port range.

In some mail from Warner Losh, sie said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In message <19990620223757.K63035@bitbox.follo.net> Eivind Eklund writes:
> : I won't go so far as to say that the introduction of securelevel 4 is
> : a regression (it is nice functionality when you want to truly secure a
> : box), but it would be much better if it came after having made
> : "securelevel" a set of orthogonal switches.
>
> I would go that far, or at least say that it isn't a desirable
> progression.  A more general, and useful, feature would be to have
> some sysctls that become readonly at secure level 2 or greater.  I
> could also be talked into making this a separate sysctl which once set
> cannot be unset.
>
> This would allow me to turn off binding of ports, turning on secure
> ports, turning other features on/off with a finer toothed comb.  I do
> not think that the proposed secure level 4 would materially improve
> security and strikes me as a kludge.  I do agree that there needs to
> be a secure way to keep it off once off, but secure level 4 isn't it.
>
> Speaking on the implementation issues, it would be sufficient to add a
> bit in the type field for the SYSCTL_PROC function.  This bit would be
> checked before allowing the sysctl to be written.  That strikes me as a
> much more useful way to do this.
>
> This issue was beaten to death in the NetBSD lists recently.  I
> believe it was der Mouse that proposed this in (I think)
> netbsd-security.
>
> After secure level 2 the desired security features become more
> orthogonal.
>
> Warner
> FreeBSD security officer.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
>
> -----END PGP SIGNATURE-----
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
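
Added example, not part of the thread and not FreeBSD code: a user-space C model of the two ideas discussed above, a flag bit on a setting that is checked before a write is allowed once the secure level reaches 2, applied to an adjustable reserved-port range. Every name in it (KN_SECURE, knob_write, bind_check, the knob names) is hypothetical.

```c
/* Added example: user-space model, not kernel code; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define KN_SECURE 0x1u   /* hypothetical flag bit: read-only once securelevel >= 2 */
struct knob { const char *name; int value; unsigned flags; };

static int securelevel = 0;
static struct knob knobs[] = {
    { "resv_port_low",  1,    KN_SECURE },  /* bottom of the root-only port range */
    { "resv_port_high", 1023, KN_SECURE },  /* top of the root-only port range */
    { "verbose",        0,    0 },          /* ordinary knob, never locked */
};

static struct knob *find_knob(const char *name) {
    for (size_t i = 0; i < sizeof knobs / sizeof knobs[0]; i++)
        if (strcmp(knobs[i].name, name) == 0) return &knobs[i];
    return NULL;
}

/* The level can only go up, so a locked knob stays locked until reboot. */
int raise_securelevel(int level) {
    if (level < securelevel) return EPERM;
    securelevel = level;
    return 0;
}

/* The flag bit is checked before the write is allowed. */
int knob_write(const char *name, int value) {
    struct knob *k = find_knob(name);
    if (k == NULL) return ENOENT;
    if ((k->flags & KN_SECURE) && securelevel >= 2) return EPERM;
    k->value = value;
    return 0;
}

/* Ports inside [low, high] need root; every other port is open to any user. */
int bind_check(int port, int is_root) {
    int lo = find_knob("resv_port_low")->value, hi = find_knob("resv_port_high")->value;
    return (port >= lo && port <= hi && !is_root) ? EACCES : 0;
}

int main(void) {
    knob_write("resv_port_high", 1);   /* shrink the reserved range to 1-1 */
    raise_securelevel(2);              /* from here on the range cannot be changed */
    printf("bind :80 as user -> %d, rewrite range -> %d\n",
           bind_check(80, 0), knob_write("resv_port_high", 1023));
    return 0;
}
```

The same lock works in the other direction: leaving the range at 1-1023 and raising the level keeps a later root compromise from widening what unprivileged processes may bind.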