Date: Thu, 9 Nov 2000 23:03:34 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: Aleksey Zvyagin <zal@ping.ru> Cc: freebsd-security@freebsd.org Subject: Re: About FreeBSD securelevel Message-ID: <Pine.NEB.3.96L.1001109230111.54529A-100000@fledge.watson.org> In-Reply-To: <001101c04a67$87b88e40$9600a8c0@zal.ping.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
These are well-known vulnerabilities that have been discussed in detail previously: it is widely recognized that securelevels are a flawed scheme that (in effect) attempts to be a subset of a mandatory integrity policy + some diminished privilege availability. The securelevel(8) man page should be updated to indicate that it is not supported, and recent commits to enable the securelevel in sysinstall's higher security profiles should be reverted. The securelevel functionality is inherited from BSD 4.4lite. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1001109230111.54529A-100000>