Date: Mon, 26 Nov 2001 13:02:17 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Anthony Atkielski <anthony@freebie.atkielski.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: What is the best secure_level setting? Message-ID: <20011126130217.B17576@xor.obsecurity.org> In-Reply-To: <00c201c17681$91287110$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Mon, Nov 26, 2001 at 02:52:19PM %2B0100 References: <00c201c17681$91287110$0a00000a@atkielski.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--MfFXiAuoTsnnDAfZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Nov 26, 2001 at 02:52:19PM +0100, Anthony Atkielski wrote: > I am looking at secure_level in FreeBSD and wondering what setting is > appropriate. The default seems to be the lowest possible setting of -1, but I > don't see any obvious reason why I can't run at +1. What levels do you all run > your systems at normally? -1. It all depends on your security model and how much inconvenience you're willing to take. My personal belief is that securelevel isn't a truly useful security feature for most people since it's too difficult and painful to make it actually achieve the objectives they probably wanted from it (see the -security archives for discussion). Kris --MfFXiAuoTsnnDAfZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8Aq3ZWry0BWjoQKURAmkPAKCBvoiMHxCWUXF4hi161kpKJf+NBgCdFFgN f1klw2dxZj7DRtVp33/TWx4= =yND3 -----END PGP SIGNATURE----- --MfFXiAuoTsnnDAfZ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011126130217.B17576>