From owner-freebsd-hackers Tue May 23 22:58:40 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id WAA00328 for hackers-outgoing; Tue, 23 May 1995 22:58:40 -0700
Received: from leo.ibms.sinica.edu.tw ([140.109.40.249]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id WAA00311 for ; Tue, 23 May 1995 22:58:31 -0700
Received: (from taob@localhost) by leo.ibms.sinica.edu.tw (8.6.11/8.6.9) id NAA24178; Wed, 24 May 1995 13:53:06 +0800
Date: Wed, 24 May 1995 13:53:06 +0800
From: Brian Tao
Message-Id: <199505240553.NAA24178@leo.ibms.sinica.edu.tw>
To: freebsd-hackers@FreeBSD.org, lrr@sei.cmu.edu
Subject: Re: 4.4BSD (and others) chflags, sysctl, and secure levels
Newsgroups: comp.security.unix
In-Reply-To: <1995May22.183618.26824@sei.cmu.edu>
Organization: Institute of Biomedical Sciences, Academia Sinica
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

I grabbed this out of comp.security.unix. Perhaps someone here could
comment on Larry's questions, since FreeBSD does implement 4.4BSD file
flags and sysctl. Not sure what "secure levels" are though.

In article <1995May22.183618.26824@sei.cmu.edu> you write:
>---
>Folks:
>
>I have been reading about the 4.4BSD chflags, sysctl, and secure
>levels and was curious to know the following:
>
>- Do they do what was intended (do they work)?
>
>- Are they complete, or how would you expand them to solve the
>problems you perceive?
>
>- Once installed and enabled, how cumbersome does that make a system
>to maintain?
>
>- If you use them on one type of system, do you wish you had it
>elsewhere (everywhere)?
>
>At first glance, these security improvements *seem* to counteract
>some of the well known security breaches; the root kit comes to mind.
>However, if the system becomes so cumbersome to maintain, then one has
>a decision to make.
>
>Thanks for your assessment of these security features. Please mail
>to me and I will summarize.
>
> Larry Rogers
> Member, Technical Staff
> Trustworthy Systems
> Software Engineering Institute
> Carnegie-Mellon University
> Pittsburgh, PA 15213
> lrr@sei.cmu.edu
> Phone: 412-268-8907 (Direct)
>        412-268-7700 (SEI)
> FAX:   412-268-5758

--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........ play --> taob@io.org