From owner-freebsd-security Fri Jun 18 23:26:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from srh0710.urh.uiuc.edu (srh0710.urh.uiuc.edu [130.126.76.32]) by hub.freebsd.org (Postfix) with SMTP id CFF7214CA9 for ; Fri, 18 Jun 1999 23:26:12 -0700 (PDT) (envelope-from ftobin@bigfoot.com) Received: (qmail 60385 invoked by uid 1000); 19 Jun 1999 06:26:09 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 19 Jun 1999 06:26:09 -0000 Date: Sat, 19 Jun 1999 01:26:09 -0500 (CDT) From: Frank Tobin X-Sender: ftobin@srh0710.urh.uiuc.edu Cc: FreeBSD-security Mailing List Subject: Re: proposed secure-level 4 patch In-Reply-To: <199906190619.QAA28681@cheops.anu.edu.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darren Reed, at 16:19 on Sat, 19 Jun 1999, wrote: > > Using a securelevel of -2 for this is `better', but it means your kernel > must boot up with a securelevel of -1 (or less), init scripts change it > to be >= 0 so that init raises it to (at least) 1 once they're all finished. Erm, I think you are confusing two separate ideas that were discussed. This would be securelevel 4 (the patch). It allows the non-binding of privileged ports. Secure-level -2 was addressing a totally different system where user-processes could bind to privileged ports without root's help. -- Frank Tobin "To learn what is good and what is to be http://www.bigfoot.com/~ftobin valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus FreeBSD: The Power To Serve PGPenvelope = GPG and PGP5 + Pine PGP: 4F86 3BBB A816 6F0A 340F http://www.bigfoot.com/~ftobin/resources.html 6003 56FF D10A 260C 4FA3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message