Date:      Mon, 6 Sep 1999 14:12:32 -0500
From:      "Matthew D. Fuller" <fullermd@futuresouth.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp>, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Init(8) cannot decrease securelevel
Message-ID:  <19990906141231.L18814@futuresouth.com>
In-Reply-To: <199909061539.IAA74893@apollo.backplane.com>; from Matthew Dillon on Mon, Sep 06, 1999 at 08:39:54AM -0700
References:  <199909060513.PAA12402@godzilla.zeta.org.au> <19990906142342F.kato@gneiss.eps.nagoya-u.ac.jp> <xzp1zcco10z.fsf@flood.ping.uio.no> <199909061539.IAA74893@apollo.backplane.com>

On Mon, Sep 06, 1999 at 08:39:54AM -0700, a little birdie told me
that Matthew Dillon remarked
> 
>     Though, as a side note, it should be noted that if you have DDB
>     enabled then lowering the secure level is pretty easy to do.  If you
>     have access to the console, of course.  We used this trick at BEST
>     a couple of times.  Still, I think this might qualify as a bug in
>     the securelevel implementation.

I don't know about 'bug in securelevel implementation'...
For DDB to be DDB, you have to be able to tweak the running kernel any
which way outside of its control.  For securelevel to be securelevel, you
have to prevent changes to X, Y, and Z, no matter how they're changed.

I think it's more of a 'DDB is antithetical to securelevel'.  Calling it a
bug in securelevel is like calling lack of cargo space a bug in a Geo
Metro.




-- 
Matthew Fuller     (MF4839)     |    fullermd@over-yonder.net
Unix Systems Administrator      |    fullermd@futuresouth.com
Specializing in FreeBSD         |    http://www.over-yonder.net/
FutureSouth Communications      |    ISPHelp ISP Consulting

"The only reason I'm burning my candle at both ends, is because I
      haven't figured out how to light the middle yet"

