Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Sep 2004 19:50:29 -0400
From:      David Schultz <das@FreeBSD.ORG>
To:        David Pick <d.m.pick@qmul.ac.uk>
Cc:        Deepak Jain <deepak@ai.net>
Subject:   Re: Kernel-loadable Root Kits
Message-ID:  <20040929235029.GA31828@VARK.MIT.EDU>
In-Reply-To: <E1CCfo7-000Kb9-00@xi.css.qmw.ac.uk>
References:  <4159EABF.3030004@ai.net> <E1CCfo7-000Kb9-00@xi.css.qmw.ac.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 29, 2004, David Pick wrote:
> 6) securelevel *is* a great thing but sysadmins are tied to the
> hierarchy of levels chosen by the project, and one size does *not*
> fit all. As a more general mechanism I would suggest that there
> is a kernel-build option for *each* facility that can be locked
> by securelevel, which geves the level at which that facility
> becomes locked.

Great idea.  See mac(4).



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040929235029.GA31828>