From owner-freebsd-security  Fri Nov 10 14: 4:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP
	id C641B37B479; Fri, 10 Nov 2000 14:04:29 -0800 (PST)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id eAAM5dW79171;
	Fri, 10 Nov 2000 14:05:39 -0800 (PST)
	(envelope-from kris)
Date: Fri, 10 Nov 2000 14:05:39 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Aleksey Zvyagin <zal@ping.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: About FreeBSD securelevel
Message-ID: <20001110140539.A79150@citusc17.usc.edu>
References: <001101c04a67$87b88e40$9600a8c0@zal.ping.ru> <Pine.NEB.3.96L.1001109230111.54529A-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1001109230111.54529A-100000@fledge.watson.org>; from rwatson@FreeBSD.ORG on Thu, Nov 09, 2000 at 11:03:34PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 09, 2000 at 11:03:34PM -0500, Robert Watson wrote:
>=20
> These are well-known vulnerabilities that have been discussed in detail
> previously: it is widely recognized that securelevels are a flawed scheme
> that (in effect) attempts to be a subset of a mandatory integrity policy +
> some diminished privilege availability.  The securelevel(8) man page
> should be updated to indicate that it is not supported, and recent commits
> to enable the securelevel in sysinstall's higher security profiles should
> be reverted.  The securelevel functionality is inherited from BSD 4.4lite.

Well, even though securelevel doesn't prevent security breaches, it
imposes a road block in order to get around them, and this can and
does stop some (admittedly not very bright) attackers.  Since it's
also the best we have for now, I think the manpage should be updated
to document the failings of the system and that they will hopefully be
addressed in 5.0 with the trustedbsd MAC implementation.  I'll try and
write something up over the weekend.

Kris

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjoMcTMACgkQWry0BWjoQKXm4QCgpuD5s7MjGzWdxad70j3wR4TC
kO0AoIDfNEmMZCbhazpNS1ngCRId5nRy
=9TMh
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message