Date: Fri, 17 Apr 1998 22:47:16 +0200 From: "H. Eckert" <ripley@nostromo.in-berlin.de> To: freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <19980417224716.41173@nostromo.in-berlin.de> In-Reply-To: <19980417105557.59439@deepo.prosa.dk>; from Philippe Regnauld on Fri, Apr 17, 1998 at 10:55:57AM %2B0200 References: <199804170519.WAA12540@burka.rdy.com> <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org> <19980417105557.59439@deepo.prosa.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 17, 1998 at 10:55:57AM +0200, Philippe Regnauld wrote: > Suggestion: how difficult would it be to have ipfw(8) respect > the securelevel to, for example, refuse to flush / alter > the ipfw list ? > > i.e.: all mods have to be tested before the securelevel is raised, > and once it is, only rebooting into single user on the console > allows you to change the filters. Actually I like the dynamically adaptable ipfw scheme a lot more than ipfilterd.conf on an Irix machine we have at work. This is a matter of flexibility. > We need write-protect notch on the hard-disks :-) There have been times where harddrives had this. But somehow a real switch seems to be out of fashion. ZipDisks have only the software write-protection... Since I started using 90mm floppies I trained myself to protect them immediately when ejecting a disk I don't want to write to again a few moments later. Greetings, Ripley -- http://www.in-berlin.de/User/nostromo/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980417224716.41173>