From owner-freebsd-security  Mon Jun 15 14:15:38 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA29426
          for freebsd-security-outgoing; Mon, 15 Jun 1998 14:15:38 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dc1.mfn.org (ftp.mfn.org [204.238.179.12])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA29377
          for <security@freebsd.org>; Mon, 15 Jun 1998 14:15:24 -0700 (PDT)
          (envelope-from sysadmin@mfn.org)
Received: from greeves.mfn.org (unverified [204.238.179.35]) by mail.mfn.org
 (EMWAC SMTPRS 0.83) with SMTP id <B0000021939@mail.mfn.org>;
 Mon, 15 Jun 1998 16:16:12 -0500
Received: by greeves.mfn.org with Microsoft Mail
	id <01BD9878.85D2BCC0@greeves.mfn.org>; Mon, 15 Jun 1998 16:13:24 -0500
Message-ID: <01BD9878.85D2BCC0@greeves.mfn.org>
From: greeves <sysadmin@mfn.org>
To: "security@FreeBSD.ORG" <security@FreeBSD.ORG>
Subject: RE: bsd securelevels...
Date: Mon, 15 Jun 1998 16:13:23 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>> 1) do they noticably improve security? 2) can we replace them with
>> something better? The answer to both questions is yes.

>The answer to (1) is yes only as long as people are using
>securelevels. My feeling is that pretty much noone is using them,
>because they are viewed (rightfully, IMO) as being both too twisted
>and not secure enough to justify setting them.


More likely nobody is using them because they are not now
known, and are not being pushed.  I run a network that
*would* have been using them, had I *KNOWN* about them!

Remember, a great deal of the FBSD world is *NOT* on the
edge of the technology, and that includes the more "advanced"
users who came from different *nix environments (such as myself).

I came to FBSD out from a commercial SVR3/4 environment that
did not have anything like secure levels.  Even though I came here
*because* of heightened security awareness, the fact that I still know
only as much about securelevels as has been posted in the recent
spate of warnings on it.  Possibly someone should generate a little 
verbiage in the FAQ about this!

J.A. Terranson
sysadmin@mfn.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message