Date: Mon, 21 Jun 1999 15:18:34 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: dev.null@funbox.demon.co.uk Cc: freebsd-security@FreeBSD.ORG Subject: Re: proposed secure-level 4 patch Message-ID: <199906210518.PAA15232@cheops.anu.edu.au> In-Reply-To: <376D27ED.0180@funbox.demon.co.uk> from "dev.null@funbox.demon.co.uk" at Jun 20, 99 06:42:05 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from dev.null@funbox.demon.co.uk, sie said: > > > Eivind wrote: > > > I think using securelevel 4 for this is a bad idea. I believe the > > right thing to do with securelevels is to start splitting them into a > > set of different sysctls, where each individual feature can be turned > > off. It is convenient to have a set of sysctls you can use to "turn > > off everything" (like securelevel does today). > > Agreed! Another way of doing that might be to use a bit vector to > specify the securelevel. It would be closer in syntax to the current > method, and would give the desired flexibility and control over > the individual capabilitiies. > > Thoughts about a bit vector, anyone? This is more like a capabilities hook such as being worked on for the POSIX security changes. How about a bit vector defining which ports can and can't be bound from non-root below 1024 ? a 256 byte array doesn't sound too bad does it ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906210518.PAA15232>