Date: Fri, 18 Jun 1999 11:40:31 +0400
From: Kirill Nosov <slash@leontief.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
Message-ID: <99061811465300.10975@MirStation.leontief.nw.ru>
References: <Pine.BSF.4.10.9906180119201.50701-100000@srh0710.urh.uiuc.edu>

On Fri, 18 Jun 1999, Frank Tobin wrote:
>I was talking over something with friends today, and we were trying to
>come up with ideas for securelevels that would disable as much meaning out
>of being root, to limit the spread of being root if a box is 'rooted'.
>Specifically, we came to the conclusions that with most of /etc, /usr
>(with the notable exceptions of /etc/passwd, catman, /usr/local) could be
>chflagged simmutable, and a securelevel of 3 could really strengthen a
>box. Of course, one additional thing that no secure level does that would
>be _really_ nice is that it would prevent more secure ports from being
>opened.
>

As far as I remember, there was a discussion about implementing a dependence between uid and the port you are able to open, to eliminate the 'privileged ports' concept. That was a great idea from my point of view. Will it be implemented in future FreeBSD versions? As far as I see, it is possible to do it w/o any changes in '3rd party software', just by means of the FreeBSD core.

---
... I want to perform cranial activities with Tuesday Weld!!
/Slash.