Date:      Tue, 27 Jul 1999 11:18:02 -0600
From:      Nate Williams <>
To:        Matthew Dillon <>
Cc:        "Brian F. Feldman" <green@FreeBSD.ORG>, Joe Greco <>, hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: securelevel and ipfw zero
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

>     ipfw allows you to clear counters.  It is a feature that already exists.
>     However, it does not allow you to do it if you are sitting at secure
>     level 3.
>     Why not?  I can't think of any good reason why clearing the counters
>     should be disallowed when sitting at a higher secure level.  The counters
>     are nothing more than statistics.  Clearing statistics is not a security
>     threat.

I just thought of a bad thing.  If you allowed the counters to be zeroed
(or advanced) at securelevel == 3, then a 'malicious user' could write a
cronjob to continually reset them and cause a DoS attack on the system
(or in the case of advance, reset them to ridiculously high values),
thus filling up the disk.

However, one could argue that *IF* they have root, they could just as
easily fill the disk with garbage and cause the same attack, i.e.:

# dd if=/dev/zero of=/var/log/misc

>     The discussion should simply be about that.  Not all this garbage
>     about adding new features.  There's a feature that does not seem
>     to impact security, secure level disallows it, why?

I'm not convinced there aren't other security implications from zeroing
(or advancing) the counters.
