Message-ID: <19980615000956.57060@follo.net>
Date: Mon, 15 Jun 1998 00:09:56 +0200
From: Eivind Eklund
To: Niall Smart, dima@best.net, Darren Reed
Cc: jayrich@room101.sysc.com, security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question

On Sun, Jun 14, 1998 at 10:45:17PM +0100, Niall Smart wrote:
> Propagating the immutable flag leads to a dramatic improvement, not
> propagating it leads to a meagre improvement, in fact it could be
> construed as taking a step backwards due to over confidence in the
> security of the system just because the secure levels wand has been
> waved.

Propagating it is not a dramatic improvement unless you have some way
of logging killed processes. We presently don't, I believe..

> I still haven't heard one convincing argument for not propagating the
> immutable flag, and have given plenty for.

I'm in favour, if you also patch kern_sig.c to print out the fact that
something has been killed, and that it had the immutable flag set.
Otherwise, I can't see that it is useful at all. (It'd be nice to
print the RUID of the process that sent the signal, too, but that
might be difficult to acquire)

Eivind.