From owner-freebsd-bugs  Fri Aug 23  0:43:30 2002
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8CB1A37B400; Fri, 23 Aug 2002 00:43:27 -0700 (PDT)
Received: from student.uci.agh.edu.pl (student.uci.agh.edu.pl [149.156.98.60])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 13FA743E6A; Fri, 23 Aug 2002 00:43:27 -0700 (PDT)
	(envelope-from winfried@student.uci.agh.edu.pl)
Received: by student.uci.agh.edu.pl (Postfix, from userid 25828)
	id 3F6DE64631; Fri, 23 Aug 2002 09:43:15 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by student.uci.agh.edu.pl (Postfix) with ESMTP
	id 386C06F609; Fri, 23 Aug 2002 09:43:15 +0200 (CEST)
Date: Fri, 23 Aug 2002 09:43:15 +0200 (CEST)
From: Jan Srzednicki <winfried@student.uci.agh.edu.pl>
To: Johan Karlsson <johan@FreeBSD.org>
Cc: freebsd-bugs@FreeBSD.org, <freebsd-security@FreeBSD.org>
Subject: Re: kern/22142: securelevel does not affect mount
In-Reply-To: <200208230144.g7N1itTB030484@freefall.freebsd.org>
Message-ID: <Pine.GSO.4.44.0208230940570.14810-100000@student.uci.agh.edu.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

On Thu, 22 Aug 2002, Johan Karlsson wrote:

> Synopsis: securelevel does not affect mount
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-security
> Responsible-Changed-By: johan
> Responsible-Changed-When: Thu Aug 22 18:41:46 PDT 2002
> Responsible-Changed-Why:
> 	Lets get -security's opinion about this.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=22142

I'm afraid changin securelevel's behaviour would break some system schemes
out there, which is rather unwanted thing for -STABLE. One thing we can do
is to wait for MACs in -CURRENT. Maybe a better solution is to add another
sysctl just form mount? Like kern.mount_disabled, which, when set to 1,
cannot be reverted back.

-- 
#- Winfried -------- wrzask@IRCNet -||- GG# 3838383 -||- JS500-RIPE -#
#- w@dream.vg ---- w@303.krakow.pl -||--- http://violent.dream.vg ---#
#- Never underestimate the power of stupid people in large numbers. -#


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message