Subject: Re: use of securelevel.
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Manuel BOUYER <bouyer@antioche.ibp.fr>
List: current-users
Date: 06/04/1997 18:10:48
On Jun 4, der Mouse wrote
> I always thought the kernel just knew about negative, zero, and
> positive...or does it just recognize <=0 and >0, with the semantics of
> securelevel==-1 implemented in init? (I suppose I should just go
> check...)
At last the init man page make a difference between securelevel==1 and
securelevel==2. I didn't check if this is implemented, however ...
> My reaction is, no such level is appropriate. I don't like the idea of
> having one variable which takes on different levels, with different
> things kicking in at various points - it makes it very hard to turn
> these things on and off individually. I've found this with debugging
> output in code, for example - I almost always want not a debug level
> which produces more and more output as it's cranked up, but rather a
> number of bits, one for each subsystem.
>
> In this case, I would prefer to have something like a sysctl variable,
> such that when nonzero, it disallows filter changes; you could either
> have it impossible to change it from nonzero to zero except when
> securelevel is less than 1, or if you don't want to tie it to
> securelevel, then maybe have it take on three states, say 0 (allow
> changes), 1 (no changes, but no other effects), and 2 (no changes, and
> the control variable itself can't be changed either).
What I'd like to see is a by-mask securelevel. Says, a bit which
allows/dissalow disk mount/unmount, a bit to allows/dissalow system flags
change on files, a bit for /dev/mem and friends, a bit for
network configurations (including ip-filter, or perhaps a specific bit for it),
etc. And of course a bit which says if we are allowed to change the
securelevel. If securelevel is an int, whe have 32 bits to play with ...
--
Manuel Bouyer, LIP6, Universite Paris VI. bouyer@masi.ibp.fr
--