Subject: Re: use of securelevel.
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Manuel BOUYER <email@example.com>
Date: 06/04/1997 18:10:48
On Jun 4, der Mouse wrote
> I always thought the kernel just knew about negative, zero, and
> positive...or does it just recognize <=0 and >0, with the semantics of
> securelevel==-1 implemented in init? (I suppose I should just go
At least the init man page makes a difference between securelevel==1 and
securelevel==2. I didn't check if this is implemented, however ...
> My reaction is, no such level is appropriate. I don't like the idea of
> having one variable which takes on different levels, with different
> things kicking in at various points - it makes it very hard to turn
> these things on and off individually. I've found this with debugging
> output in code, for example - I almost always want not a debug level
> which produces more and more output as it's cranked up, but rather a
> number of bits, one for each subsystem.
> In this case, I would prefer to have something like a sysctl variable,
> such that when nonzero, it disallows filter changes; you could either
> have it impossible to change it from nonzero to zero except when
> securelevel is less than 1, or if you don't want to tie it to
> securelevel, then maybe have it take on three states, say 0 (allow
> changes), 1 (no changes, but no other effects), and 2 (no changes, and
> the control variable itself can't be changed either).
What I'd like to see is a by-mask securelevel. Say, a bit which
allows/disallows disk mount/unmount, a bit to allow/disallow system flags
change on files, a bit for /dev/mem and friends, a bit for
network configurations (including ip-filter, or perhaps a specific bit for it),
etc. And of course a bit which says if we are allowed to change the
securelevel. If securelevel is an int, we have 32 bits to play with ...
Manuel Bouyer, LIP6, Universite Paris VI. firstname.lastname@example.org
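
The by-mask securelevel proposed in the message above, sketched as an added example (not code from this thread or from any kernel). The bit names, the `securemask` variable and the `sl_*` functions are hypothetical, and a set bit is assumed to mean the operation is disallowed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bit names; a set bit means "this operation is disallowed". */
#define SL_NOMOUNT  (1u << 0)   /* disk mount/unmount */
#define SL_NOFLAGS  (1u << 1)   /* system flags change on files */
#define SL_NOMEM    (1u << 2)   /* /dev/mem and friends */
#define SL_NONETCFG (1u << 3)   /* network configuration */
#define SL_NOFILTER (1u << 4)   /* ip-filter rule changes, as its own bit */
#define SL_LOCKED   (1u << 31)  /* the mask itself may no longer be changed */

static uint32_t securemask;     /* stands in for the kernel variable */

/* Gate at the top of a privileged operation: 0 = allowed, EPERM = denied. */
int sl_check(uint32_t op_bit)
{
    return (securemask & op_bit) ? EPERM : 0;
}

/* Stand-in for the sysctl write handler: once SL_LOCKED is set, every
 * later write is refused, including one that tries to clear SL_LOCKED. */
int sl_set(uint32_t newmask)
{
    if (securemask & SL_LOCKED)
        return EPERM;
    securemask = newmask;
    return 0;
}

uint32_t sl_get(void)
{
    return securemask;
}

int main(void)
{
    /* Freeze the filter rules and /dev/mem, leave mounts alone, then lock. */
    sl_set(SL_NOFILTER | SL_NOMEM | SL_LOCKED);
    printf("filter change: %s\n", sl_check(SL_NOFILTER) ? "denied" : "allowed");
    printf("mount:         %s\n", sl_check(SL_NOMOUNT) ? "denied" : "allowed");
    printf("unlock:        %s\n", sl_set(0) ? "denied" : "allowed");
    return 0;
}
```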