From owner-freebsd-current  Tue Apr  4 00:06:53 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA05530 for current-outgoing; Tue, 4 Apr 1995 00:06:53 -0700
Received: from localhost (localhost [127.0.0.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id AAA05523; Tue, 4 Apr 1995 00:06:52 -0700
X-Authentication-Warning: freefall.cdrom.com: Host localhost didn't use HELO protocol
To: Scott Mace <smace@metal-mail.neosoft.com>
cc: current@FreeBSD.org
Subject: Re: a few patches... 
In-reply-to: Your message of "Mon, 03 Apr 95 17:04:47 MDT."
             <199504032304.RAA00336@metal.ops.neosoft.com> 
Date: Tue, 04 Apr 1995 00:06:51 -0700
Message-ID: <5522.796979211@freefall.cdrom.com>
From: "Jordan K. Hubbard" <jkh@freefall.cdrom.com>
Sender: current-owner@FreeBSD.org
Precedence: bulk

> I would like to add a config option to enable as disable securelevel.
> the securelevel and chflags features are a major security helper IMHO.

Are you saying you also want to come up secure?  No installing over
kernels and things except when up single?

Hmmmmm...  Hmmmmmmmmmmmmm!  David?  When did we say we were going to
cut over after the "grace period" on this one? :-)

Personally, I think it's not a bad idea for 2.1.  I think it highly
likely that there is already going to be a BIG SIGN saying "READ ALL
OF THIS BEFORE PROCEEDING OR DIE!!" (or something to that effect)
right at the beginning of 2.1.  This file will contain stuff you
_really_ want the users to read, for example the fact that system
files are immutable by default and, while FAR more secure, not
entirely without cost.

There would probably be a number of people a lot safer because of it
if we made it a default..

> Also, on a totally unrelated note, I've found on at least 2 scsi drives
> I've used I need a pause right before the extended probe kicks off.
> (bt_inquire_setup_information) The minimal pause I've experimentally 
> found is DELAY(450000).  This is with the bt driver.  I've had this patch
> in my set of "local" patches forever, but when I brought it up before, 
> noone wanted it committed.  Oh the horrors of yet another pause (which

Indeed!  The horror!

I dunno..  Is this a known catagorical deficiency in certain drives?

					JOrdan