Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Jon Lindgren <email@example.com>
From: Andrew Brown <firstname.lastname@example.org>
Date: 10/24/2000 11:48:12
>This was furthered into using sysctl's to do accomplish the same
>results... having a security section with knobs to frob which turn
>different features (such as allowing ipf or ipnat rules to be added,
>etc...). And of course, after that, making the security section
>read-only, so if one cracks the box certain features can't be re-enabled.
no...you misunderstood me. the "last" security knob would mark the
*entire* sysctl mib as read-only wrt userland, not just the security
i envisioned adjusting whatever needed to be adjusted, and then
closing the box.
|-----< "CODE WARRIOR" >-----|
email@example.com * "ah! i see you have the internet
firstname.lastname@example.org (Andrew Brown) that goes *ping*!"
email@example.com * "information is power -- share the wealth."