Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 May 1995 13:53:06 +0800
From:      Brian Tao <taob@gate.sinica.edu.tw>
To:        freebsd-hackers@FreeBSD.org, lrr@sei.cmu.edu
Subject:   Re: 4.4BSD (and others) chflags, sysctl, and secure levels
Message-ID:  <199505240553.NAA24178@leo.ibms.sinica.edu.tw>
In-Reply-To: <1995May22.183618.26824@sei.cmu.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
    I grabbed this out of comp.security.unix.  Perhaps someone here could
comment on Larry's questions, since FreeBSD does implement 4.4BSD file
flags and sysctl.  Not sure what 'secure levels" are though.

In article <1995May22.183618.26824@sei.cmu.edu> you write:
>---
>Folks:
>
>I have been reading about the 4.4BSD chflags, sysctl, and secure
>levels and was curious to know the following:
>
>- Do they do what was intended (do they work)?
>
>- Are they complete, or how would you expand them to solve the
>problems you perceive?
>
>- Once installed and enabled, how cumbersome does that make a system
>to maintain?
>
>- If you use them on one type of system, do you wish you had it
>elsewhere (everywhere)?
>
>At first glance, these security improvements *seem* to counteract
>some of the well known security breaches; the root kit comes to mind.
>However, if the system becomes so cumbersome to maintain, then one has
>a decision to make.
>
>Thanks for your assessment of these security features.  Please mail
>to me and I will summarize.
>
>					Larry Rogers
>					Member, Technical Staff
>					Trustworthy Systems
>					Software Engineering Institute
>					Carnegie-Mellon University
>					Pittsburgh, PA 15213
>					lrr@sei.cmu.edu
>					Phone: 412-268-8907 (Direct)
>					       412-268-7700 (SEI)
>					FAX:   412-268-5758

-- 
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........ play --> taob@io.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505240553.NAA24178>