Date:      Tue, 27 Jul 1999 09:48:30 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Sheldon Hearn <sheldonh@uunet.co.za>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: securelevel too course-grained?
Message-ID:  <199907271648.JAA54626@apollo.backplane.com>
References:   <87126.933053846@axl.noc.iafrica.com>

:> Subject: Re: securelevel and ipfw zero 
:>
:>     However, it does not allow you to do it if you are sitting at secure
:>     level 3.
:
:You don't think that this discussion highlights the growing inadequacy
:of the securelevel mechanism's lack of granularity?
:Ciao,
:Sheldon.

    It would be interesting to see it turn into a bitmask, where setting 
    it to '-1' secures everything.  But I think the original intent was to
    make it more user-friendly in concept.  It is simply a matter of relative
    merit.  If a high securelevel still allows most files to be modified,
    it might as well allow clearing of the ipfw counters.

    Ultimately the only way to do securelevel properly is with capabilities.
    The system gives init all the major capabilities and init passes them on
    as appropriate.  A system-wide secure level for a feature is created
    simply by globally destroying a particular capability.  It would also be
    possible to destroy all instances of a capability except in the specific
    processes that need it - though in that case you wouldn't be able to 
    restart the process in question.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
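
The capability scheme sketched in the message above, as an added toy model (not code from the original e-mail or from FreeBSD). The process table, the capability bit names and every function here are hypothetical. It shows init handing capabilities down, a capability being destroyed everywhere except in one process, and why that process cannot be restarted with it afterwards.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability bits; names invented for this example. */
#define CAP_IPFW_ZERO  (1u << 0)   /* may zero ipfw counters */
#define CAP_FILE_FLAGS (1u << 1)   /* may change file flags */
#define CAP_ALL        0xffffffffu
#define MAXPROC        8

struct proc { int used; uint32_t caps; };
static struct proc ptab[MAXPROC];

/* Slot 0 is init: the system hands it every capability at boot. */
void boot(void) {
    for (int i = 0; i < MAXPROC; i++) { ptab[i].used = 0; ptab[i].caps = 0; }
    ptab[0].used = 1;
    ptab[0].caps = CAP_ALL;
}

/* A child gets only what its parent still holds and chooses to pass on. */
int spawn(int parent, uint32_t pass) {
    if (parent < 0 || parent >= MAXPROC || !ptab[parent].used) return -1;
    for (int i = 1; i < MAXPROC; i++)
        if (!ptab[i].used) {
            ptab[i].used = 1;
            ptab[i].caps = ptab[parent].caps & pass;
            return i;
        }
    return -1;
}

/* Destroy a capability in every process except keep_pid (-1: keep none). */
void destroy_cap(uint32_t cap, int keep_pid) {
    for (int i = 0; i < MAXPROC; i++)
        if (ptab[i].used && i != keep_pid) ptab[i].caps &= ~cap;
}

int may(int pid, uint32_t cap) { return ptab[pid].used && (ptab[pid].caps & cap) == cap; }
void reap(int pid) { ptab[pid].used = 0; ptab[pid].caps = 0; }

int main(void) {
    boot();
    int fw = spawn(0, CAP_IPFW_ZERO);      /* daemon that needs the capability */
    destroy_cap(CAP_IPFW_ZERO, fw);        /* "secure" it for everyone else */
    printf("daemon: %d  init: %d\n", may(fw, CAP_IPFW_ZERO), may(0, CAP_IPFW_ZERO));
    reap(fw);                              /* daemon exits ... */
    fw = spawn(0, CAP_IPFW_ZERO);          /* ... init has nothing left to pass on */
    printf("restarted daemon: %d\n", may(fw, CAP_IPFW_ZERO));
    return 0;
}
```

In this model, calling destroy_cap(CAP_ALL, -1) plays the role of the bitmask securelevel set to -1: every capability is gone from every process.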


