From: njs3@doc.ic.ac.uk (Niall Smart)
Date: Sun, 14 Jun 1998 22:38:55 +0100
In-Reply-To: "Angelos D. Keromytis" "Re: bsd securelevel patch question" (Jun 14, 4:20pm)
To: "Angelos D. Keromytis", security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question

On Jun 14, 4:20pm, "Angelos D. Keromytis" wrote:
} Subject: Re: bsd securelevel patch question
>
> I think the right question is to ask "what use are securelevels ?"
> They're ultimately flawed, so what's the point in trying to fix such
> bugs ? Is anyone really using securelevels anyway ?

I think you've got to ask two questions:

1) do they noticeably improve security?
2) can we replace them with something better?

The answer to both questions is yes. However, answering "yes" to "can we replace them with something better?" isn't quite the same thing as going out and actually spending the time designing and implementing the replacement.
Apart from the actual amount of work required, there are other considerations which may make a replacement less attractive when compared to secure levels, such as compatibility with legacy code, the new security bugs that will be introduced during the implementation of such a complex system and the manageability aspects of a fine-grained security policy.

When something better than secure levels comes out, I'll use it, but till then secure levels remain useful to me and others. On that note, look at http://www.enteract.com/~tqbf/harden.html.

Niall