Date: Wed, 13 Mar 2002 09:41:05 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: "Rogier R. Mulhuijzen" <drwilco@drwilco.net> Cc: freebsd-hackers@freebsd.org Subject: Re: logging securelevel violations Message-ID: <20020313074105.GB375@hades.hell.gr> In-Reply-To: <5.1.0.14.0.20020312222347.01c3b080@mail.drwilco.net> References: <5.1.0.14.0.20020312082838.029a6d38@mail.drwilco.net> <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net> <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net> <5.1.0.14.0.20020312082838.029a6d38@mail.drwilco.net> <5.1.0.14.0.20020312222347.01c3b080@mail.drwilco.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2002-03-12 22:26, Rogier R. Mulhuijzen wrote:
> What I meant is, the file permissions on /dev/ad0 stop ordinary users from
> even reaching the point where the secure level denies the attempt.
>
> And so only root can actually trigger the secure level violation log
> message. So it cannot be used to maliously fill the logs. Unless someone
> has root, and then you have bigger problems.
Indeed. But we're discussing something about code that doesn't exist.
Rate limiting is not bad, IMHO. But I'll let this go, until we have code
to work on. I'm just concerned that there might be things that securelevel
would disallow, that can be done by ordrinary users. For instance if user
mounts are allowed, mounting a partition or floppy disk etc.
Giorgos Keramidas FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr} http://www.FreeBSD.org/docproj/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020313074105.GB375>