Date: Thu, 8 Mar 2001 11:15:22 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Will Andrews <will@physics.purdue.edu>, "Jordan K. Hubbard" <jkh@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/sysinstall config.c menus.c src/usr.sbin/sysinstall/help security.hlp
Message-ID: <Pine.NEB.3.96L.1010308111417.71958D-100000@fledge.watson.org>
In-Reply-To: <20010308081201.C84789@mollari.cthul.hu>

On Thu, 8 Mar 2001, Kris Kennaway wrote:

> On Thu, Mar 08, 2001 at 08:33:54AM -0500, Will Andrews wrote:
> > On Thu, Mar 08, 2001 at 02:16:57AM -0800, Jordan Hubbard wrote:
> > > Log:
> > > Fix some of the security profile messages to be more explanatory
> > > and also obey most of the rules of english in their construction.
> > >
> > > Add a help screen for the security menu which gives the user a rough idea
> > > just what the various security profiles do.
> >
> > You really should mention that certain security profiles make it
> > impossible to start X without making another change. I.e., warn a user
> > about securitylevel vs. XFree86.
>
> I thought it worked as long as you started it before raising securelevel.

Yes, but if you have a program running with those privileges, you lose the
benefits of secure levels with regards to the relevant protections, as a
privileged process can attach to the X server using debugging interfaces
to gain access to the privileges. I.e., securelevels suck. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message