Subject: Re: The reason for securelevel
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 01/26/2006 20:31:34

Steven M. Bellovin wrote:
> The hard part is figuring out what all these different
> bits should be, especially if you want them orthogonal. I cited the
> SGI example to show just how many different things you might want to
> lock down.

if securelevel N does x, y, z; then we make new knobs for x, y, z.
these knobs are raise-only, like securelevel. when you raise
securelevel, you get all its effects -- so the changes don't hurt
any existing configurations/uses.

of course we can always make it a compile-time option whether we
want to go the securelevels-route, lots-of-knobs-route, or the
above described hybrid-route.

also, as michael richardson suggested, the raise-only part (that
resembles today's behavior, and i think should be the default) could
also be set via a compile-time option, making these knobs always
modifiable.

-e.
--
Elad Efrat
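
The hybrid scheme described in this message, sketched as a small user-space C model. This is an added example, not code from the original mail or from NetBSD; the knob names, the level-to-knob mapping and the `KNOBS_MODIFIABLE` macro are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical knobs standing in for the "x, y, z" of the mail. */
enum { KNOB_X, KNOB_Y, KNOB_Z, KNOB_COUNT };

/* Constructed mapping: lowest securelevel that implies each knob. */
static const int knob_level[KNOB_COUNT] = { 1, 1, 2 };

static int securelevel;            /* raise-only, as today */
static int knobs[KNOB_COUNT];      /* 0 = open, 1 = locked down */

int knob_get(int k) { return knobs[k]; }

/* Set one knob; lowering is refused unless built with -DKNOBS_MODIFIABLE
   (hypothetical macro for the compile-time option). */
int knob_set(int k, int val)
{
    if (k < 0 || k >= KNOB_COUNT || (val != 0 && val != 1))
        return EINVAL;
#ifndef KNOBS_MODIFIABLE
    if (val < knobs[k])
        return EPERM;
#endif
    knobs[k] = val;
    return 0;
}

/* Raising securelevel turns on every knob that level implies, so
   configurations that only ever touch securelevel behave as before. */
int securelevel_set(int level)
{
    if (level < securelevel)
        return EPERM;
    securelevel = level;
    for (int k = 0; k < KNOB_COUNT; k++)
        if (knob_level[k] <= level)
            knobs[k] = 1;
    return 0;
}

int main(void)
{
    printf("set z alone: %d\n", knob_set(KNOB_Z, 1));
    printf("lower z:     %d\n", knob_set(KNOB_Z, 0));
    printf("level 1:     %d\n", securelevel_set(1));
    printf("x=%d y=%d z=%d\n", knob_get(KNOB_X), knob_get(KNOB_Y), knob_get(KNOB_Z));
    return 0;
}
```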