Subject: Re: Sysctls vs. securelevel (was Re: Volunteers to test some kernel
To: None <firstname.lastname@example.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 06/15/1999 14:50:12
>>> Or, there could be a `securelevel' with exactly two states (0 and
>>> 1), where `0' indicates two-way security switch sysctls, and `1'
>>> indicates one-way settings.
>> I think a tri-state secure level is fine (0, 1, 2), but I DO like
>> the idea of one-way sysctls's.
> Well, if the security functionality is based on sysctls, what does a
> tri-state securelevel do? ;)
Two answers come to mind.
(1) securelevel=0 -> no sysctls are one-way
securelevel=1 -> security sysctls are one-way
securelevel=2 -> security sysctls are read-only
(2) securelevel is a write-only sysctl. Setting it to 1 turns on some
of the (other) security sysctls; setting it to 2 turns on those
plus some more. (The idea is to get more or less the functionality
of the old securelevel scheme....)
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B