Date: Tue, 07 Sep 1999 18:36:08 +0900 From: KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> To: des@flood.ping.uio.no Cc: dillon@apollo.backplane.com, fullermd@futuresouth.com, kato@ganko.eps.nagoya-u.ac.jp, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel Message-ID: <19990907183608S.kato@gneiss.eps.nagoya-u.ac.jp> In-Reply-To: Your message of "07 Sep 1999 10:26:18 %2B0200" <xzpu2p7ktzp.fsf@flood.ping.uio.no> References: <xzpu2p7ktzp.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav <des@flood.ping.uio.no> wrote:
> That's an excellent idea - it shouldn't be too hard to add a kernel
> option (say, DDB_RESTRICTED) and #ifndef the "dangerous" commands.
To achieve both higher security and kenel hackers convenience, I'd
submit following idea:
- If securelevel > 1, DDB is in restricted mode.
- If securelevel > 1 and an option is defined, DDB is in powerful
mode.
- If securelvel < 1, DDB is in powerful mode.
-----------------------------------------------+--------------------------+
KATO Takenori <kato@ganko.eps.nagoya-u.ac.jp> | FreeBSD |
Dept. Earth Planet. Sci, Nagoya Univ. | The power to serve! |
Nagoya, 464-8602, Japan | http://www.FreeBSD.org/ |
++++ FreeBSD(98) 3.2: Rev. 01 available! |http://www.jp.FreeBSD.org/|
++++ FreeBSD(98) 2.2.8: Rev. 02 available! +==========================+
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990907183608S.kato>