Date: Tue, 27 Jul 1999 21:29:24 -0600 From: Warner Losh <imp@village.org> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: Matthew Dillon <dillon@apollo.backplane.com>, hackers@FreeBSD.ORG Subject: Re: securelevel too course-grained? Message-ID: <199907280329.VAA68348@harmony.village.org> In-Reply-To: Your message of "Tue, 27 Jul 1999 07:37:26 %2B0200." <87126.933053846@axl.noc.iafrica.com> References: <87126.933053846@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <87126.933053846@axl.noc.iafrica.com> Sheldon Hearn writes: : I have a feeling it'll be time soon enough for us to make each of the : decisions that is normally affected by securelevel dependant on the : value of sysctl knobs. Presumeably one or more of them would be : "write-once" knobs. :-) Yes. That's what I favor. : How much existing software tests for kern.securelevel? And could we : make its value dependant on the new knobs? I can't see it being too big : a problem. I don't think we should eliminate secure levels. However, I think at high secure levels, one can no longer change the value of some sysctls. Ideally, each sysctl would have the highest level that it can be changed at encoded into it. Less ideally, there would be a flag bit that said that it can't be change at secure levels > 0. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907280329.VAA68348>