From owner-freebsd-hackers  Wed Aug 14 15:04:44 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA28883
          for hackers-outgoing; Wed, 14 Aug 1996 15:04:44 -0700 (PDT)
Received: from mail-hub.interpath.net (mail-hub.interpath.net [199.72.1.13])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA28864
          for <hackers@freebsd.org>; Wed, 14 Aug 1996 15:04:39 -0700 (PDT)
Received: from bogus.interpath.net (raleigh-037.interpath.net [207.59.1.37]) by mail-hub.interpath.net (8.6.12/8.6.14) with SMTP id SAA01332; Wed, 14 Aug 1996 18:02:09 -0400
Message-Id: <1.5.4.32.19960814220314.0074ba08@interpath.com>
X-Sender: kpneal@interpath.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 14 Aug 1996 18:03:14 -0400
To: Joe Greco <jgreco@brasil.moneng.mei.com>
From: "Kevin P. Neal" <kpneal@interpath.com>
Subject: Re: Nightmare.
Cc: jgreco@brasil.moneng.mei.com, ulf@lamb.net, jkh@time.cdrom.com,
        hackers@freebsd.org
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 04:30 PM 8/14/96 -0500, Joe Greco wrote:
>> >I tend to agree, but wonder if it would not make more sense to tackle this
>> >from a different angle.
>> >
>> >Consider all the programs that could clobber a mounted file system.  Would
>> >it make more sense if we somehow protected a mounted disk device from
>> >being clobbered?
>> 
>> Isn't this one of the things that secure_level > 0 protects you from?
>> 
>> In fact, yes it is. (reference: page 263, 4.4BSD daemon book).
>> 
>> >OTOH, this is a can of worms, no matter how you do it.
>
>Maybe I don't need to point this out, but...
>
>The thread started with some beginners who made a sad mistake.  It seems to
>me that in order to set securelevel > 0, you need to know what you are
>doing.  How do you protect the newbies who are not used to UNIX/FreeBSD
>and who therefore would not have any idea to set securelevel > 0..

Set it to default with securelevel > 0, but you can't.......

>We don't default to a securelevel > 0.

.....because of another can of worms that gets opened by securelevel > 0.

>> >OTOH, this is a can of worms, no matter how you do it.
    ^^ pretty much.
--
XCOMM Kevin P. Neal, Sophomore, Comp. Sci. \   kpneal@interpath.com
XCOMM  "Corrected!" -- Old Amiga tips file  \  kpneal@eos.ncsu.edu
XCOMM Visit the House of Retrocomputing:    /      Perm. Email:
XCOMM  http://www4.ncsu.edu/~kpneal/www/   /   kevinneal@bix.com