Subject: Re: use of securelevel.
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 06/04/1997 10:13:51
> I'm aware of the kernel recognising securelevel having a value of -1,
> 0, 1 or 2 and above but are there any plans for implementing
> something more than this ?

I always thought the kernel just knew about negative, zero, and
positive...or does it just recognize <=0 and >0, with the semantics of
securelevel==-1 implemented in init?  (I suppose I should just go
check...)

> It has been suggested that IP Filter disallow changes to filter rules
> if securelevel is set to some level...(I think 3 was the suggestion).

> However, before doing this, I want to poll people on whether they
> think three is appropriate, or should 10 be used (say) as a synonym
> for "firewall security level".

> Thoughts ?

My reaction is, no such level is appropriate.  I don't like the idea of
having one variable which takes on different levels, with different
things kicking in at various points - it makes it very hard to turn
these things on and off individually.  I've found this with debugging
output in code, for example - I almost always want not a debug level
which produces more and more output as it's cranked up, but rather a
number of bits, one for each subsystem.

In this case, I would prefer to have something like a sysctl variable,
such that when nonzero, it disallows filter changes; you could either
have it impossible to change it from nonzero to zero except when
securelevel is less than 1, or if you don't want to tie it to
securelevel, then maybe have it take on three states, say 0 (allow
changes), 1 (no changes, but no other effects), and 2 (no changes, and
the control variable itself can't be changed either).

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
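
Added example, not part of the message above and not NetBSD or IP Filter code: a userland C model of the two control-variable designs the message proposes, one tied to securelevel and one with three states. All names (filter_lock, filter_lock_write, the policy enum) and the EPERM/EINVAL return values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Userland model with hypothetical names; not NetBSD or IP Filter code. */
enum lock_policy { TIED_TO_SECURELEVEL, THREE_STATE };

struct filter_lock {
    enum lock_policy policy;
    int value;                  /* the proposed control variable */
};

/* Filter rule changes are allowed only while the variable is zero. */
int filter_change_allowed(const struct filter_lock *l)
{
    return l->value == 0;
}

/* Model a write to the control variable; returns 0 or an errno value. */
int filter_lock_write(struct filter_lock *l, int newval, int securelevel)
{
    if (l->policy == TIED_TO_SECURELEVEL) {
        /* nonzero -> zero is refused unless securelevel is less than 1 */
        if (l->value != 0 && newval == 0 && securelevel >= 1)
            return EPERM;
    } else {
        /* 0 = allow changes, 1 = no changes, 2 = no changes and frozen */
        if (newval < 0 || newval > 2)
            return EINVAL;      /* assumption: other values are rejected */
        if (l->value == 2 && newval != 2)
            return EPERM;       /* state 2 cannot be left */
    }
    l->value = newval;
    return 0;
}

int main(void)
{
    struct filter_lock tied = { TIED_TO_SECURELEVEL, 1 };
    struct filter_lock tri = { THREE_STATE, 0 };

    printf("tied, securelevel 1, clear: %d\n", filter_lock_write(&tied, 0, 1));
    printf("tied, securelevel 0, clear: %d\n", filter_lock_write(&tied, 0, 0));
    printf("tri 0->1: %d\n", filter_lock_write(&tri, 1, 2));
    printf("tri 1->0: %d\n", filter_lock_write(&tri, 0, 2));
    printf("tri 0->2: %d\n", filter_lock_write(&tri, 2, 2));
    printf("tri 2->0: %d\n", filter_lock_write(&tri, 0, -1));
    printf("changes allowed: %d\n", filter_change_allowed(&tri));
    return 0;
}
```

In the three-state model the securelevel argument is ignored, which is the point of that variant: the lock stands on its own and state 2 is one-way until reboot.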