Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Jon Lindgren <>
From: Andrew Brown <>
List: tech-kern
Date: 10/24/2000 11:48:12
>This was furthered into using sysctl's to do accomplish the same
>results... having a security section with knobs to frob which turn
>different features (such as allowing ipf or ipnat rules to be added,
>etc...).  And of course, after that, making the security section
>read-only, so if one cracks the box certain features can't be re-enabled. misunderstood me.  the "last" security knob would mark the
*entire* sysctl mib as read-only wrt userland, not just the security

i envisioned adjusting whatever needed to be adjusted, and then
closing the box.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."