Re: CVS commit: src/sys/kern

To: Roy Marples <roy%marples.name@localhost>
Subject: Re: CVS commit: src/sys/kern
From: coypu%SDF.ORG@localhost
Date: Wed, 28 Dec 2016 17:36:04 +0000

On Wed, Dec 28, 2016 at 12:05:58AM +0000, Roy Marples wrote:
> Can you please explain how the security model was broken?
> 

intention with securelevel is to do less things kernel-side
if it is raised (which, I hope, reduces our attack surface).

I don't think it's worth adding this complexity for better
npfctl warnings (it's just a warning and doesn't change its
behaviour).

If you want, I can modify npfctl not to warn for the EPERM
case. I'm not sure whether that is better.

Follow-Ups:
- re: CVS commit: src/sys/kern
  - From: matthew green
- Re: CVS commit: src/sys/kern
  - From: Taylor R Campbell

References:
- Re: CVS commit: src/sys/kern
  - From: Roy Marples

Prev by Date: Re: CVS commit: src/sys/kern
Next by Date: Re: CVS commit: src/sys/kern
Previous by Thread: Re: CVS commit: src/sys/kern
Next by Thread: Re: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index