From owner-freebsd-hackers Tue Jul 27 20:28:59 1999
Message-Id: <199907280329.VAA68348@harmony.village.org>
To: Sheldon Hearn
Subject: Re: securelevel too course-grained?
Cc: Matthew Dillon, hackers@FreeBSD.ORG
In-reply-to: Your message of "Tue, 27 Jul 1999 07:37:26 +0200." <87126.933053846@axl.noc.iafrica.com>
References: <87126.933053846@axl.noc.iafrica.com>
Date: Tue, 27 Jul 1999 21:29:24 -0600
From: Warner Losh

In message <87126.933053846@axl.noc.iafrica.com> Sheldon Hearn writes:
: I have a feeling it'll be time soon enough for us to make each of the
: decisions that is normally affected by securelevel dependent on the
: value of sysctl knobs. Presumably one or more of them would be
: "write-once" knobs. :-)

Yes. That's what I favor.

: How much existing software tests for kern.securelevel? And could we
: make its value dependent on the new knobs? I can't see it being too big
: a problem.

I don't think we should eliminate secure levels. However, I think at
high secure levels, one can no longer change the value of some sysctls.
Ideally, each sysctl would have the highest level that it can be changed
at encoded into it. Less ideally, there would be a flag bit that said
that it can't be changed at secure levels > 0.

Warner
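
The scheme discussed in this message (a per-sysctl ceiling plus "write-once" knobs), modelled in userland C as an added example that is not part of the original message and is not FreeBSD kernel code. The names struct knob, knob_set(), securelevel_raise() and KNOB_WRITE_ONCE, and the sample knob names, are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Userland model only: every name here is hypothetical, not a FreeBSD
 * kernel interface. */
#define KNOB_WRITE_ONCE 0x1   /* value may be set a single time */

struct knob {
    const char *name;
    int value;
    int max_level;   /* highest securelevel at which a write is allowed */
    int flags;
    int written;     /* set after the first successful write */
};

static int securelevel = -1;  /* constructed starting level */

/* The securelevel may only be raised, never lowered. */
int securelevel_raise(int level)
{
    if (level < securelevel)
        return EPERM;
    securelevel = level;
    return 0;
}

/* Write a knob, enforcing its per-knob ceiling and write-once flag.
 * max_level == 0 is the "flag bit" variant: no change at levels > 0. */
int knob_set(struct knob *k, int value)
{
    if (securelevel > k->max_level)
        return EPERM;
    if ((k->flags & KNOB_WRITE_ONCE) && k->written)
        return EPERM;
    k->value = value;
    k->written = 1;
    return 0;
}

int main(void)
{
    /* Constructed sample knobs. */
    struct knob fw = { "example.firewall_lock", 0, 0, 0, 0 };
    struct knob once = { "example.boot_policy", 0, 2, KNOB_WRITE_ONCE, 0 };

    printf("%s at level -1: %d\n", fw.name, knob_set(&fw, 1));
    securelevel_raise(1);
    printf("%s at level 1: %d\n", fw.name, knob_set(&fw, 0));
    printf("%s first write: %d\n", once.name, knob_set(&once, 1));
    printf("%s second write: %d\n", once.name, knob_set(&once, 2));
    return 0;
}
```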