Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
To: Elad Efrat <elad@NetBSD.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-kern
Date: 01/26/2006 09:25:13


>>>>> "Elad" == Elad Efrat <elad@NetBSD.org> writes:
    Elad> Here's an idea I was discussing with a friend the other day...

    Elad> Because securelevels start to have too many effects, we could
    Elad> have the knobs separated, and continue to use kern.securelevel
    Elad> as a macro.

  I think this is a really cool idea.
  90% of the things are bits.
  One of the bits is the right to toggle the bits. 
  A compile time option could wire the bits in a particular way.

    Elad> So an admin can either go and set kern.securelevel and have
    Elad> consistent behavior (as it is today), or go and turn on the
    Elad> knobs he's interested in; having a bit of securelevel 2, 1, and
    Elad> -1.

  Very useful when you want to debug things. 
  Also very useful if you want to determine how the system might defend
against various intrusions.

    Elad> The knobs could all be raise-only (just like kern.securelevel
    Elad> itself).

  I suggest that a COMPILE TIME bit determines this.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
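
A user-space model of the scheme discussed in this message, added here as an example and not taken from the thread or from NetBSD: per-feature knob bits, kern.securelevel as a macro that expands to a set of them, one bit that gives up the right to toggle, and compile-time options for wiring bits and for raise-only behaviour. The knob names, the level-to-knob mapping, and the KNOBS_WIRED and KNOBS_RAISE_ONLY options are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical knob bits; names and level mapping are constructed. */
#define KNOB_KMEM_RO      (1u << 0)  /* no writes to kernel memory devices */
#define KNOB_NO_MODLOAD   (1u << 1)  /* no kernel module loading */
#define KNOB_RAWDISK_RO   (1u << 2)  /* raw disks read-only */
#define KNOB_NO_TIME_BACK (1u << 3)  /* clock cannot be set backwards */
#define KNOB_LOCKED       (1u << 31) /* set = right to toggle bits given up */

#ifndef KNOBS_WIRED          /* compile-time: bits forced on for good */
#define KNOBS_WIRED 0u
#endif
#ifndef KNOBS_RAISE_ONLY     /* compile-time: 1 = set bits cannot be cleared */
#define KNOBS_RAISE_ONLY 1
#endif
static uint32_t knobs = KNOBS_WIRED;

/* kern.securelevel as a macro: each level expands to a set of knobs. */
static uint32_t level_to_knobs(int level) {
    uint32_t m = 0;
    if (level >= 1) m |= KNOB_KMEM_RO | KNOB_NO_MODLOAD;
    if (level >= 2) m |= KNOB_RAWDISK_RO | KNOB_NO_TIME_BACK;
    return m;
}

/* Replace the knob mask; returns 0 on success or EPERM if refused. */
static int knobs_set(uint32_t want) {
    uint32_t cleared = knobs & ~want;
    if (want == knobs) return 0;
    if (knobs & KNOB_LOCKED) return EPERM;         /* toggling was given up */
    if (cleared & KNOBS_WIRED) return EPERM;       /* wired at build time */
    if (KNOBS_RAISE_ONLY && cleared) return EPERM; /* raise-only knobs */
    knobs = want;
    return 0;
}
static int securelevel_set(int level) { return knobs_set(knobs | level_to_knobs(level)); }

/* Highest level whose knobs are all on; a partial set reports the lower level. */
static int securelevel_get(void) {
    if ((knobs & level_to_knobs(2)) == level_to_knobs(2)) return 2;
    if ((knobs & level_to_knobs(1)) == level_to_knobs(1)) return 1;
    return 0;
}

int main(void) {
    knobs_set(KNOB_RAWDISK_RO);  /* one level-2 knob on its own */
    securelevel_set(1);          /* then the level-1 macro on top */
    printf("knobs=%#x level=%d\n", (unsigned)knobs, securelevel_get());
}
```

Building with `-DKNOBS_RAISE_ONLY=0` models the variant where knobs can be lowered again until KNOB_LOCKED is set.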