From owner-freebsd-security Fri Jun 18 8: 6:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from srh0710.urh.uiuc.edu (srh0710.urh.uiuc.edu [130.126.76.32]) by hub.freebsd.org (Postfix) with SMTP id 0133614FCB for <freebsd-security@FreeBSD.ORG>; Fri, 18 Jun 1999 08:06:06 -0700 (PDT) (envelope-from ftobin@bigfoot.com) Received: (qmail 56750 invoked by uid 1000); 18 Jun 1999 15:06:05 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 Jun 1999 15:06:05 -0000 Date: Fri, 18 Jun 1999 10:06:05 -0500 (CDT) From: Frank Tobin <ftobin@bigfoot.com> X-Sender: ftobin@srh0710.urh.uiuc.edu Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG> Subject: Re: securelevel descr In-Reply-To: <xzpu2s5zujv.fsf@flood.ping.uio.no> Message-ID: <Pine.BSF.4.10.9906181002550.56717-100000@srh0710.urh.uiuc.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dag-Erling Smorgrav, at 12:12 on 18 Jun 1999, wrote: > > Hrm, that is a excellent idea could be added as an extra securelevel, such > > as -2. > > -2? Why -2? Securelevels are numbered upwards from 0, in increasing > order of paranoia. The reason for this is that it would be a more _insecure_ mode, one that allows any user to start a process which could take control of a secure port. This would allow someone to run daemons that normally do not need to run under root but generally run under a reserved port. For example, inetd would be a good example. -- Frank Tobin "To learn what is good and what is to be http://www.bigfoot.com/~ftobin valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus FreeBSD: The Power To Serve PGPenvelope = GPG and PGP5 + Pine PGP: 4F86 3BBB A816 6F0A 340F http://www.bigfoot.com/~ftobin/resources.html 6003 56FF D10A 260C 4FA3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message