Date: Tue, 27 Jul 1999 09:48:30 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: hackers@FreeBSD.ORG
Subject: Re: securelevel too course-grained?
Message-ID: <199907271648.JAA54626@apollo.backplane.com>
References: <87126.933053846@axl.noc.iafrica.com>

:> Subject: Re: securelevel and ipfw zero
:>
:> However, it does not allow you to do it if you are sitting at secure
:> level 3.
:
:You don't think that this discussion highlights the growing inadequacy
:of the securelevel mechanism's lack of granularity?
:
:Ciao,
:Sheldon.

    It would be interesting to see it turn into a bitmask, where setting
    it to '-1' secures everything.  But I think the original intent was to
    make it more user-friendly in concept.

    It is simply a matter of relative merit.  If a high securelevel still
    allows most files to be modified, it might as well allow clearing of
    the ipfw counters.

    Ultimately the only way to do securelevel properly is with capabilities.
    The system gives init all the major capabilities and init passes them on
    as appropriate.  A system-wide secure level for a feature is created
    simply by globally destroying a particular capability.  It would also be
    possible to destroy all instances of a capability except in the specific
    processes that need it - though in that case you wouldn't be able to
    restart the process in question.

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
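
Added example (not part of the original message and not FreeBSD code): a small C model of the capability scheme described in the message above, where init holds every capability, a child receives only what its parent holds, and destroying a capability everywhere except in one process leaves a restarted copy of that process without it. The capability names, the struct and the functions are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability bits; illustrative names, not FreeBSD interfaces. */
#define CAP_IPFW_ZERO (1u << 0)  /* may clear ipfw counters */
#define CAP_CHFLAGS   (1u << 1)  /* may change file flags */
#define CAP_ALL       (CAP_IPFW_ZERO | CAP_CHFLAGS)
#define MAXPROC 8

struct sys {
    uint32_t caps[MAXPROC];  /* capability set per process; slot 0 is init */
    int nproc;
};

/* Boot: init is given all the major capabilities. */
void sys_boot(struct sys *s) { s->nproc = 1; s->caps[0] = CAP_ALL; }

/* A parent can pass on only what it holds itself. Returns new pid, or -1. */
int sys_spawn(struct sys *s, int parent, uint32_t want) {
    if (s->nproc >= MAXPROC) return -1;
    s->caps[s->nproc] = want & s->caps[parent];
    return s->nproc++;
}

/* Destroy cap in every process except `keep` (pass -1 for no exception). */
void sys_destroy(struct sys *s, uint32_t cap, int keep) {
    for (int i = 0; i < s->nproc; i++)
        if (i != keep) s->caps[i] &= ~cap;
}

/* Nonzero if process `pid` holds every bit in `cap`. */
int sys_can(const struct sys *s, int pid, uint32_t cap) {
    return (s->caps[pid] & cap) == cap;
}

int main(void) {
    struct sys s;
    sys_boot(&s);
    int fw = sys_spawn(&s, 0, CAP_IPFW_ZERO);   /* daemon that needs the capability */
    sys_destroy(&s, CAP_IPFW_ZERO, fw);         /* destroy it everywhere else */
    int fw2 = sys_spawn(&s, 0, CAP_IPFW_ZERO);  /* "restart" of the daemon from init */
    printf("original daemon: %d, restarted daemon: %d, init: %d\n",
           sys_can(&s, fw, CAP_IPFW_ZERO), sys_can(&s, fw2, CAP_IPFW_ZERO),
           sys_can(&s, 0, CAP_IPFW_ZERO));
    sys_destroy(&s, CAP_CHFLAGS, -1);           /* system-wide secure level for chflags */
    printf("init may chflags: %d\n", sys_can(&s, 0, CAP_CHFLAGS));
    return 0;
}
```

In this model the surviving holder could still hand the capability to its own children; whether a real design allows that is outside what the message specifies.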