From owner-freebsd-hackers Tue Sep 7 2:40:34 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from eclogite.eps.nagoya-u.ac.jp (eclogite.eps.nagoya-u.ac.jp [133.6.124.145]) by hub.freebsd.org (Postfix) with ESMTP id E83A915546; Tue, 7 Sep 1999 02:40:23 -0700 (PDT) (envelope-from kato@ganko.eps.nagoya-u.ac.jp) Received: from localhost (gneiss.eps.nagoya-u.ac.jp [133.6.124.148]) by eclogite.eps.nagoya-u.ac.jp (8.9.3/3.7W) with ESMTP id SAA04514; Tue, 7 Sep 1999 18:36:38 +0900 (JST) To: des@flood.ping.uio.no Cc: dillon@apollo.backplane.com, fullermd@futuresouth.com, kato@ganko.eps.nagoya-u.ac.jp, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Init(8) cannot decrease securelevel From: KATO Takenori In-Reply-To: Your message of "07 Sep 1999 10:26:18 +0200" References: X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA) X-PGP-Fingerprint: 03 72 85 36 62 46 23 03 52 B1 10 22 44 10 0D 9E Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <19990907183608S.kato@gneiss.eps.nagoya-u.ac.jp> Date: Tue, 07 Sep 1999 18:36:08 +0900 X-Dispatcher: imput version 980905(IM100) Lines: 19 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Dag-Erling Smorgrav wrote: > That's an excellent idea - it shouldn't be too hard to add a kernel > option (say, DDB_RESTRICTED) and #ifndef the "dangerous" commands. To achieve both higher security and kenel hackers convenience, I'd submit following idea: - If securelevel > 1, DDB is in restricted mode. - If securelevel > 1 and an option is defined, DDB is in powerful mode. - If securelvel < 1, DDB is in powerful mode. -----------------------------------------------+--------------------------+ KATO Takenori | FreeBSD | Dept. Earth Planet. Sci, Nagoya Univ. | The power to serve! | Nagoya, 464-8602, Japan | http://www.FreeBSD.org/ | ++++ FreeBSD(98) 3.2: Rev. 01 available! |http://www.jp.FreeBSD.org/| ++++ FreeBSD(98) 2.2.8: Rev. 02 available! +==========================+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message