From owner-freebsd-hackers Wed Aug 14 14:47:16 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA28035 for hackers-outgoing; Wed, 14 Aug 1996 14:47:16 -0700 (PDT) Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA28030 for ; Wed, 14 Aug 1996 14:47:11 -0700 (PDT) Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id QAA12769; Wed, 14 Aug 1996 16:30:51 -0500 From: Joe Greco Message-Id: <199608142130.QAA12769@brasil.moneng.mei.com> Subject: Re: Nightmare. To: kpneal@interpath.com (Kevin P. Neal) Date: Wed, 14 Aug 1996 16:30:50 -0500 (CDT) Cc: jgreco@brasil.moneng.mei.com, ulf@lamb.net, jkh@time.cdrom.com, hackers@freebsd.org In-Reply-To: <1.5.4.32.19960814212017.0074c684@interpath.com> from "Kevin P. Neal" at Aug 14, 96 05:20:17 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > >I tend to agree, but wonder if it would not make more sense to tackle this > >from a different angle. > > > >Consider all the programs that could clobber a mounted file system. Would > >it make more sense if we somehow protected a mounted disk device from > >being clobbered? > > Isn't this one of the things that secure_level > 0 protects you from? > > In fact, yes it is. (reference: page 263, 4.4BSD daemon book). > > >OTOH, this is a can of worms, no matter how you do it. Maybe I don't need to point this out, but... The thread started with some beginners who made a sad mistake. It seems to me that in order to set securelevel > 0, you need to know what you are doing. How do you protect the newbies who are not used to UNIX/FreeBSD and who therefore would not have any idea to set securelevel > 0.. We don't default to a securelevel > 0. ... JG