Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Thor Lancelot Simon <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 10/24/2000 17:44:42
>It is certainly flexible enough for what Jon said he wanted to do. Since
>you haven't indicated what you want to do, it's pretty hard to tell if new
>functionality is required or not.
i had also suggested (a) no more manipulation of the routing table
from userspace (ie, anything except "route get"), (b) no more
interface manipulation (ie, adding or removing addresses, netmasks,
etc) and (c) making the entire sysctl mib read-only.
i haven't looked, but i don't think those are covered by secure level
finely grained grained control is a good thing, as are large red
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."