Date: Wed, 29 Sep 2004 21:03:18 -0400 From: Tom Rhodes <trhodes@FreeBSD.org> To: David Schultz <das@FreeBSD.org> Cc: cjclark@alum.mit.edu Subject: Re: Kernel-loadable Root Kits Message-ID: <20040929210318.5c9c2ba1@localhost> In-Reply-To: <20040929235029.GA31828@VARK.MIT.EDU> References: <4159EABF.3030004@ai.net> <E1CCfo7-000Kb9-00@xi.css.qmw.ac.uk> <20040929235029.GA31828@VARK.MIT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Sep 2004 19:50:29 -0400 David Schultz <das@freebsd.org> wrote: > On Wed, Sep 29, 2004, David Pick wrote: > > 6) securelevel *is* a great thing but sysadmins are tied to the > > hierarchy of levels chosen by the project, and one size does *not* > > fit all. As a more general mechanism I would suggest that there > > is a kernel-build option for *each* facility that can be locked > > by securelevel, which geves the level at which that facility > > becomes locked. > > Great idea. See mac(4). And don't forget to read the <shameless plug>MAC</shameless plug> chapter in the FreeBSD Handbook. :) -- Tom Rhodes
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040929210318.5c9c2ba1>