Date: Wed, 17 Sep 97 21:06:04 +0100 From: "Frode Nordahl" <froden@bigblue.no> To: "Mikael Karpberg" <karpen@ocean.campus.luth.se> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: schg flag... Message-ID: <199709171906.VAA01931@login.bigblue.no>
next in thread | raw e-mail | index | archive | help
On Wed, 17 Sep 1997 20:58:19 +0200 (CEST), Mikael Karpberg wrote: >> Ok... Well then's a question, why is FreeBSD's standard mode to run in >> leve -1? Isn't that a bit suicidal? > >No, it's practical. Running at a higher securelevel just makes things harder >for you. Compiling a new kernel, etc. Why bother making your computer a >fortress when you really don't have much important data on it? It's just >annoying to have to lower the drawbridge every time you wanna run out to >pick a fresh apple. :-) > >Ofcourse, when you set up a server which actually contains data you can't >afford to loose, or having someone unauthorised read, then you should >probably raise the secure level. But most machines running FreeBSD are >most likely just workstations, which can be wiped and reinstalled if >anything really bad happens. Therefor that's the default. I can understand that! I would really hate it if I had those limitations on my workstation, but the install program, or the rc.conf file should mention it somewhere. One of our FreeBSD boxes run as a user shell-account server. And with all of those "mad" users running arround, having some security is pretty nice. Okay, if something happends, we can allways reinstall, but that costs us time, money, and reputation. So the box is to be as secure as possible at any time. _____________________________________________________________ Frode Nordahl | P.B. 2509 Solli | Tel +47 22 20 47 18 Teknisk ansvarlig | 0202 Oslo | Fax +47 22 20 39 19 Computer Tjenester AS | Norway | froden@bigblue.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709171906.VAA01931>