Date: Wed, 13 Mar 2002 09:41:05 +0200
From: Giorgos Keramidas
To: "Rogier R. Mulhuijzen"
Cc: freebsd-hackers@freebsd.org
Subject: Re: logging securelevel violations
Message-ID: <20020313074105.GB375@hades.hell.gr>

On 2002-03-12 22:26, Rogier R. Mulhuijzen wrote:
> What I meant is, the file permissions on /dev/ad0 stop ordinary users from
> even reaching the point where the secure level denies the attempt.
>
> And so only root can actually trigger the secure level violation log
> message. So it cannot be used to maliciously fill the logs. Unless someone
> has root, and then you have bigger problems.

Indeed. But we're discussing something about code that doesn't exist.
Rate limiting is not bad, IMHO. But I'll let this go, until we have
code to work on.

I'm just concerned that there might be things that securelevel would
disallow, that can be done by ordinary users. For instance if user
mounts are allowed, mounting a partition or floppy disk etc.

Giorgos Keramidas                       FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}  http://www.FreeBSD.org/docproj/
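
The rate limiting mentioned in this message, sketched as an added example that is not part of the thread or of FreeBSD's code: a userspace model of a per-second cap on securelevel denial log lines that also reports how many lines were dropped. The `ratelimit` structure, the function names, the message text and the sample uid are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical limiter state for this example; not a FreeBSD structure. */
struct ratelimit {
	time_t window;      /* second in which the current window opened */
	int    emitted;     /* lines logged in this window */
	int    suppressed;  /* lines dropped in this window */
	int    max_per_sec; /* cap on lines per one-second window */
};

/* Return 1 if the caller may log now, 0 if the line must be dropped. On a
 * new window, *dropped gets the count suppressed in the previous one. */
int ratelimit_check(struct ratelimit *rl, time_t now, int *dropped)
{
	*dropped = 0;
	if (now != rl->window) {
		*dropped = rl->suppressed;
		rl->window = now;
		rl->emitted = rl->suppressed = 0;
	}
	if (rl->emitted < rl->max_per_sec) {
		rl->emitted++;
		return 1;
	}
	rl->suppressed++;
	return 0;
}

/* Log one denied operation; return 1 if the denial line was written. */
int log_violation(struct ratelimit *rl, time_t now, unsigned uid, const char *op)
{
	int dropped, ok = ratelimit_check(rl, now, &dropped);
	if (dropped > 0)
		fprintf(stderr, "securelevel: %d denials not logged\n", dropped);
	if (ok)
		fprintf(stderr, "securelevel: uid %u denied: %s\n", uid, op);
	return ok;
}

int main(void)
{
	struct ratelimit rl = { 0, 0, 0, 2 };  /* at most 2 lines per second */
	/* Constructed burst: five denials in second 100, then one in second 101. */
	for (int i = 0; i < 5; i++)
		log_violation(&rl, 100, 1001, "mount");
	log_violation(&rl, 101, 1001, "mount");
	return 0;
}
```

With this cap, a burst from an unprivileged user costs at most two denial lines plus one summary line per second, and the summary keeps the total number of denials recoverable from the log.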