From owner-freebsd-security Tue Sep 7 1:27:17 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
    by hub.freebsd.org (Postfix) with ESMTP id F0C0615579;
    Tue, 7 Sep 1999 01:27:11 -0700 (PDT)
    (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
    by flood.ping.uio.no (8.9.3/8.9.3) id KAA27848;
    Tue, 7 Sep 1999 10:26:18 +0200 (CEST)
    (envelope-from des)
To: Matthew Dillon
Cc: "Matthew D. Fuller", Dag-Erling Smorgrav, KATO Takenori, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel
References: <199909060513.PAA12402@godzilla.zeta.org.au> <19990906142342F.kato@gneiss.eps.nagoya-u.ac.jp> <199909061539.IAA74893@apollo.backplane.com> <19990906141231.L18814@futuresouth.com> <199909062029.NAA76229@apollo.backplane.com>
From: Dag-Erling Smorgrav
Date: 07 Sep 1999 10:26:18 +0200
In-Reply-To: Matthew Dillon's message of "Mon, 6 Sep 1999 13:29:44 -0700 (PDT)"
Message-ID:
Lines: 14
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew Dillon writes:
> So making DDB 'secure-level friendly' would be a useful thing
> to do, I think. The idea is not to disable DDB, but to simply
> limit the actions that can be performed within it if the securelevel
> has been raised. The sysadmin would only be allowed to issue
> passive commands, cont, and 'panic'. The sysadmin would not be
> allowed to modify the running system.

That's an excellent idea - it shouldn't be too hard to add a kernel
option (say, DDB_RESTRICTED) and #ifndef the "dangerous" commands.

DES (must... write... patches...)
--
Dag-Erling Smorgrav - des@flood.ping.uio.no
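
The two approaches in this message side by side, as an added example that is not part of the original post and not FreeBSD's ddb source: a runtime check that refuses modifying commands once securelevel is raised, and the compile-time DDB_RESTRICTED variant that leaves them out of the table. The function name, the table and the passive/modifying classification of each command are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: each debugger command is tagged by whether it can
 * change the running system. */
enum { DDB_PASSIVE = 0, DDB_MODIFIES = 1 };

struct ddb_cmd { const char *name; int kind; };

/* Illustrative subset; the classification is an assumption. */
static const struct ddb_cmd ddb_cmds[] = {
    { "examine",  DDB_PASSIVE },
    { "trace",    DDB_PASSIVE },
    { "show",     DDB_PASSIVE },
    { "continue", DDB_PASSIVE },
    { "panic",    DDB_PASSIVE },   /* explicitly allowed in the proposal */
#ifndef DDB_RESTRICTED             /* compile-time variant: not built at all */
    { "write",    DDB_MODIFIES },
    { "set",      DDB_MODIFIES },
    { "call",     DDB_MODIFIES },
#endif
};

/* Returns 1 if the command may run, 0 if it is refused because securelevel
 * has been raised, -1 if it is unknown or compiled out. Callers must treat
 * anything other than 1 as a refusal. */
int ddb_cmd_allowed(const char *name, int securelevel)
{
    size_t i;

    for (i = 0; i < sizeof(ddb_cmds) / sizeof(ddb_cmds[0]); i++) {
        if (strcmp(ddb_cmds[i].name, name) != 0)
            continue;
        if (ddb_cmds[i].kind == DDB_MODIFIES && securelevel > 0)
            return 0;
        return 1;
    }
    return -1;
}

int main(void)
{
    const char *probe[] = { "trace", "continue", "panic", "write", "call" };
    size_t i;

    for (i = 0; i < sizeof(probe) / sizeof(probe[0]); i++)
        printf("securelevel 1: %-8s -> %d\n", probe[i],
            ddb_cmd_allowed(probe[i], 1));
    return 0;
}
```

Building with -DDDB_RESTRICTED turns the refused commands into unknown ones, which is the difference between the runtime limit and the kernel-option approach.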