From: Sheldon Hearn
To: Matthew Dillon
Cc: hackers@freebsd.org
Subject: securelevel too course-grained?
In-reply-to: Your message of "Mon, 26 Jul 1999 20:48:28 MST." <199907270348.UAA49943@apollo.backplane.com>
Date: Tue, 27 Jul 1999 07:37:26 +0200
Message-ID: <87126.933053846@axl.noc.iafrica.com>

On Mon, 26 Jul 1999 20:48:28 MST, Matthew Dillon wrote:

> Subject: Re: securelevel and ipfw zero
>
> However, it does not allow you to do it if you are sitting at secure
> level 3.

You don't think that this discussion highlights the growing inadequacy
of the securelevel mechanism's lack of granularity?

I have a feeling it'll be time soon enough for us to make each of the
decisions that is normally affected by securelevel dependent on the
value of sysctl knobs. Presumably one or more of them would be
"write-once" knobs. :-)

How much existing software tests for kern.securelevel? And could we make
its value dependent on the new knobs? I can't see it being too big a
problem.

Ciao,
Sheldon.