From owner-freebsd-current  Sun Oct  6 08:30:45 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA24596
          for current-outgoing; Sun, 6 Oct 1996 08:30:45 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA24588
          for <freebsd-current@FreeBSD.org>; Sun, 6 Oct 1996 08:30:41 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.7.6/8.6.9) id BAA30921; Mon, 7 Oct 1996 01:27:28 +1000
Date: Mon, 7 Oct 1996 01:27:28 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199610061527.BAA30921@godzilla.zeta.org.au>
To: freebsd-current@FreeBSD.org, j@uriah.heep.sax.de
Subject: Re: secure level diffs to kern_mib.c, LINT
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>> The write protection on mounted disks is worthless becauses there are
>> lots of aliases.  Even plain BSD has a whole disk partition, and FreeBSD
>> has lots of slices and SCSI control devices.
>
>The SCSI control devices should deny their service if securelevel is
>``secure enough''.

They already deny service if they are opened at securelevel 2, since
they are disk devices, and disk devices can't be opened for writing at
securelevel 2, and they require write permission for all ioctls.

Bruce