Date: Mon, 6 Sep 1999 14:12:32 -0500
From: "Matthew D. Fuller"
To: Matthew Dillon
Cc: Dag-Erling Smorgrav, KATO Takenori, bde@zeta.org.au, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Init(8) cannot decrease securelevel

On Mon, Sep 06, 1999 at 08:39:54AM -0700, a little birdie told me
that Matthew Dillon remarked
>
> Though, as a side note, it should be noted that if you have DDB
> enabled then lowering the secure level is pretty easy to do. If you
> have access to the console, of course. We used this trick at BEST
> a couple of times. Still, I think this might qualify as a bug in
> the securelevel implementation.

I don't know about 'bug in securelevel implementation'...
For DDB to be DDB, you have to be able to tweak the running kernel any
which way outside of its control. For securelevel to be securelevel, you
have to prevent changes to X, Y, and Z, no matter how they're changed.
I think it's more of a 'DDB is antithetical to securelevel'.
Calling it a bug in securelevel is like calling lack of cargo space a bug
in a Geo Metro.

--
Matthew Fuller (MF4839)         |    fullermd@over-yonder.net
Unix Systems Administrator      |    fullermd@futuresouth.com
Specializing in FreeBSD         |    http://www.over-yonder.net/
FutureSouth Communications      |    ISPHelp ISP Consulting

"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"