Date: Mon, 7 Oct 1996 18:28:38 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: current@FreeBSD.org
Subject: Re: secure level diffs to kern_mib.c, LINT
Message-ID: <Pine.SV4.3.93.961007180656.14020A-100000@parkplace.cet.co.jp>
In-Reply-To: <9610061827.AA22366@halloran-eldar.lcs.mit.edu>
On Sun, 6 Oct 1996, Garrett Wollman wrote:

> <<On Sun, 6 Oct 1996 12:41:00 +0900 (JST), Michael Hancock <michaelh@cet.co.jp> said:
>
> > FreeBSD defaults securelevel to -1, use the following diffs if you prefer
> > normal bsd operations or want a choice. Man init(8) for details.
>
> I am strongly opposed to this patch, for reasons I have stated in this
> list in the past few days.

This security level stuff had an ambiguous design and a flawed implementation.
It was ambiguous, but reasonable because it didn't depend on a command randomly
placed in the rc scripts.

By encouraging the use of sysctl -w in the rc scripts you're downgrading the
design to the level of the flawed implementation. It seems we're worse off than
before. "It's broken, let's break it more."

I can just see it now, Joe security wizard fixes init and the secure level
stuff and says, "Ok, all you guys that followed the stupid advice of putting
sysctl -w kern.securelevel in rc, rc.local, or some other random place, you can
take those out now."

Wouldn't it be better to encourage a better design and implementation than to
encourage the use of flawed work-arounds just because the implementation lets
you? Design interfaces the way they should work; if the implementation doesn't
work as designed, then write a good CAVEAT section in the man pages so somebody
can fix them with the least disruption to the community's configurations. At
least create an opportunity for improvement.

Regards,

Mike Hancock
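A practical check against the practice the message objects to, added here as an example and not part of the original thread or of FreeBSD itself: a POSIX sh audit that walks a directory of rc-style scripts and reports every uncommented line that sets kern.securelevel through sysctl, so an administrator can find the "random places" before a later fix to init(8) makes them redundant or harmful. The directory layout, file names and file contents are constructed for the demonstration; the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original thread): find ad-hoc
# "sysctl -w kern.securelevel=N" settings scattered through rc scripts.

# audit_securelevel DIR
# Prints "file:line:value" for each uncommented line in DIR that sets
# kern.securelevel via sysctl. Exit status 0 if at least one setting was
# found, 1 if none (same convention as grep).
audit_securelevel() {
    dir=$1
    found=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=0
        # "|| [ -n "$line" ]" keeps a final line that lacks a newline.
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Strip leading whitespace, then skip whole-line comments.
            first=${line#"${line%%[![:space:]]*}"}
            case "$first" in
                \#*) continue ;;
            esac
            case "$first" in
                *sysctl*kern.securelevel=*)
                    # Keep only the numeric value (allowing a leading '-'),
                    # dropping any trailing comment or arguments.
                    value=${first##*kern.securelevel=}
                    value=${value%%[!0-9-]*}
                    printf '%s:%d:%s\n' "$f" "$n" "$value"
                    found=0 ;;
            esac
        done < "$f"
    done
    return $found
}

# make_demo_rc
# Creates a throwaway directory with constructed rc-style files (hypothetical
# contents, not real FreeBSD rc scripts) and prints its path.
make_demo_rc() {
    d=$(mktemp -d)
    cat > "$d/rc" <<'EOF'
# constructed sample: a commented-out setting must be ignored
# sysctl -w kern.securelevel=2
echo 'Starting daemons'
EOF
    cat > "$d/rc.local" <<'EOF'
# constructed sample: the kind of line the audit is meant to surface
sysctl -w kern.securelevel=1   # raised here instead of by init(8)
EOF
    cat > "$d/rc.network" <<'EOF'
ifconfig lo0 127.0.0.1
EOF
    printf '%s\n' "$d"
}

demo_dir=$(make_demo_rc)
if audit_securelevel "$demo_dir"; then
    echo "securelevel is being set outside init(8); review the lines above"
else
    echo "no ad-hoc securelevel settings found"
fi
rm -rf "$demo_dir"
```

Run on a real system as `audit_securelevel /etc` (or wherever the rc scripts live); the commented-out line in the sample shows why the check skips comments rather than grepping the raw text, and the trailing-comment handling shows why the value is cut at the first non-digit.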