From owner-freebsd-stable Mon Dec 18 17:27:46 2000 From owner-freebsd-stable@FreeBSD.ORG Mon Dec 18 17:27:42 2000 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id A932737B402; Mon, 18 Dec 2000 17:27:41 -0800 (PST) Received: by bazooka.unixfreak.org (Postfix, from userid 1000) id 25FC13E09; Mon, 18 Dec 2000 17:27:41 -0800 (PST) Received: from unixfreak.org (localhost [127.0.0.1]) by bazooka.unixfreak.org (Postfix) with ESMTP id 1F5B23C109; Mon, 18 Dec 2000 17:27:41 -0800 (PST) To: opentrax@email.com Cc: nuno.teixeira@pt-quorum.com, freebsd-bugs@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: chflags bug? In-Reply-To: Message from opentrax@email.com of "Mon, 18 Dec 2000 13:29:09 PST." <200012182129.NAA14693@spammie.svbug.com> Date: Mon, 18 Dec 2000 17:27:36 -0800 From: Dima Dorfman Message-Id: <20001219012741.25FC13E09@bazooka.unixfreak.org> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I'm sure this topic has been discussed to death in core, arch > and stable. But this 'kernel_securelevel' has got to be > amoung the screwyist ideas to date. Do you have a better one? If so, I'm sure many people would like to hear about it. I agree that securelevel is imperfect to say the least, but knowledge of what it can and cannot do may help you stop an attacker (albeit, a not-so-bright one, but most attackers fall in this category) from completely trashing your system. The only apparent downside is that it may provide a false sense of security to those who don't know what it is, but that's more a result of lack of documentation or user education than a fault of the implementation. > Note: Flames to me will hit /dev/null From the magnitude of the thread on OpenBSD's mailing lists about ssh being evil (yes, the one you started), I'd say you are quite incapable of piping flames (which this message is not) to /dev/null. No pun/offense/whatever intended. I'm just expressing my opinion. Regards Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message