Date: Mon, 7 Oct 1996 18:28:38 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: current@FreeBSD.org
Subject: Re: secure level diffs to kern_mib.c, LINT
Message-ID: <Pine.SV4.3.93.961007180656.14020A-100000@parkplace.cet.co.jp>
In-Reply-To: <9610061827.AA22366@halloran-eldar.lcs.mit.edu>
On Sun, 6 Oct 1996, Garrett Wollman wrote:

> <<On Sun, 6 Oct 1996 12:41:00 +0900 (JST), Michael Hancock <michaelh@cet.co.jp> said:
>
> > FreeBSD defaults securelevel to -1, use the following diffs if you prefer
> > normal bsd operations or want a choice. Man init(8) for details.
>
> I am strongly opposed to this patch, for reasons I have stated in this
> list in the past few days.

This security level stuff had an ambiguous design and a flawed implementation. It was ambiguous, but reasonable because it didn't depend on a command randomly placed in the rc scripts.

By encouraging the use of sysctl -w in the rc scripts you're downgrading the design to the level of the flawed implementation. It seems we're worse off than before. "It's broken, let's break it more."

I can just see it now: Joe security wizard fixes init and the secure level stuff and says, "Ok, all you guys that followed the stupid advice of putting sysctl -w kern.securelevel in rc, rc.local, or some other random place, you can take those out now."

Wouldn't it be better to encourage a better design and implementation than to encourage the use of flawed work-arounds just because the implementation lets you?

Design interfaces the way they should work. If the implementation doesn't work as designed, then write a good CAVEAT section in the man pages so somebody can fix them with the least disruption to the community's configurations. At least create an opportunity for improvement.

Regards,

Mike Hancock
