From: J Wunsch
Message-Id: <199610061651.SAA08758@uriah.heep.sax.de>
Subject: Re: secure level diffs to kern_mib.c, LINT
To: freebsd-current@FreeBSD.org (FreeBSD-current users)
Date: Sun, 6 Oct 1996 18:51:46 +0200 (MET DST)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199610061527.BAA30921@godzilla.zeta.org.au> from Bruce Evans at "Oct 7, 96 01:27:28 am"

As Bruce Evans wrote:

> >The SCSI control devices should deny their service if securelevel is
> >``secure enough''.
>
> They already deny service if they are opened at securelevel 2, since
> they are disk devices, and disk devices can't be opened for writing at
> securelevel 2, and they require write permission for all ioctls.

Not all SCSI control devices are disk devices.
However, all of them are able to cause the same degree of damage to a
SCSI bus (basically), so all of them must fall under the same
restrictions.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)