Date:      Mon, 11 Mar 2002 14:02:21 -0600
From:      "Guy Helmer" <ghelmer@palisadesys.com>
To:        "Jeff Jirsa" <jjirsa@hmc.edu>, <freebsd-hackers@FreeBSD.ORG>
Subject:   RE: logging securelevel violations
Message-ID:  <FPEBKMIFGFHCGLLKBLMMOEGOCAAA.ghelmer@palisadesys.com>
In-Reply-To: <002001c1c936$c25ff4d0$5e3bad86@boredom>

Jeff Jirsa wrote:
> I've noticed that currently, violations of securelevel are aborted, but not
> typically logged. It seems like in addition to aborting whichever calls are
> in progress, logging an error might be beneficial. I recognize that this
> goes along the same lines as logging file permission errors, but if a file
> is marked immutable, the implicit value of the file should suggest that one
> might want to be able to audit attempted changes to that file.

I think this would be useful, but I would be concerned about the rate at
which these messages could come when someone is actively attacking a system.
Perhaps such messages could go through a rate limiter mechanism similar to
that now used by the network interfaces.

I am not certain whether this addition would affect the TrustedBSD work,
either.

Guy Helmer

