Subject: Re: The reason for securelevel
To: Gilbert Fernandes <gilbert.fernandes@spamcop.net>
From: None <zvrba@globalnet.hr>
List: tech-kern
Date: 01/28/2006 16:45:04
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Sat, Jan 28, 2006 at 03:46:48PM +0100, Gilbert Fernandes wrote:
> 
> But we would still get new sysctl values probably. The securelevel
> thing would be transformed from one knob to a set of knobs, whose
> default values make it work like the current securelevel one.
> 
> What do you think of it ? :)
> 
This sounds reasonable. The drawback has of course been mentioned
before, and that is the nonexistence of the inverse mapping if the
admin decides to manipulate individual knobs, thus mixing defaults
from different "default" securelevels.

Hm.. an "outrageous" proposition: in my view, this has become an
overengineering of an initially simple securelevel concept.. _IF_
there is a real need for more fine-grained control, why not go down
the SELinux or grsecurity route? (I'm not saying to exactly copy their
model, but just to make a system-wide security model.) Then make securelevel
as a "macro" for a predefined set of policies (provided by the NetBSD
developers, as such policies in the general framework are not trivial to
write..)

[I didn't mention FreeBSD's MAC as I'm not even briefly acquainted with what
it supports or not...]

== To Elad:

As for the idea of keeping securelevel configuration in the file being
"bad", I don't see why. The veriexec framework also keeps its signatures
in a file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD25GAFtofFpCIfhMRAyURAJ0QaQk4mEkoD+YfEPp+10F6ouYltwCdFmng
I7Yn4rCWfzreHll9dyiqp8o=
=WX5Q
-----END PGP SIGNATURE-----
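The "macro" idea and the missing inverse mapping discussed above, as an added Python model that is not part of this mail or of NetBSD. The knob names, the three presets and the strict/loose value per knob are constructed for illustration and are not NetBSD's real sysctl names or its actual securelevel semantics. It shows the forward direction (a securelevel expands to a knob set, and raising it never loosens a knob the admin already tightened), the exact inverse that only exists for an untouched preset, and a weaker but always-defined "floor" that an audit script can fall back on when knobs have been mixed.

```python
"""Model of securelevel as a macro over individual knobs.

Knob names, presets and strictness are constructed for illustration;
they are not NetBSD's sysctls or its securelevel behaviour.
"""
from typing import Dict, Optional, Tuple

# For each constructed knob, the value that is the *stricter* one.
# 1 means "operation permitted" except for ro_immutable, where 1 means
# the immutable/append-only file flags are enforced (cannot be cleared).
STRICT_VALUE: Dict[str, int] = {
    "ro_immutable": 1,
    "raw_disk_rw": 0,
    "kmem_rw": 0,
    "clock_backward": 0,
    "module_load": 0,
    "ipfw_change": 0,
}

# Constructed presets: what each securelevel "macro" expands to.
SECURELEVEL_PRESETS: Dict[int, Dict[str, int]] = {
    0: {"ro_immutable": 0, "raw_disk_rw": 1, "kmem_rw": 1,
        "clock_backward": 1, "module_load": 1, "ipfw_change": 1},
    1: {"ro_immutable": 1, "raw_disk_rw": 0, "kmem_rw": 0,
        "clock_backward": 1, "module_load": 0, "ipfw_change": 1},
    2: {"ro_immutable": 1, "raw_disk_rw": 0, "kmem_rw": 0,
        "clock_backward": 0, "module_load": 0, "ipfw_change": 0},
}


def expand_securelevel(level: int) -> Dict[str, int]:
    """Forward direction: a securelevel expands to a complete knob set."""
    return dict(SECURELEVEL_PRESETS[level])


def _stricter(knob: str, a: int, b: int) -> int:
    """Return whichever of two binary values is stricter for this knob."""
    return STRICT_VALUE[knob] if STRICT_VALUE[knob] in (a, b) else a


def _at_least_as_strict(knob: str, actual: int, required: int) -> bool:
    return _stricter(knob, actual, required) == actual


def apply_securelevel(knobs: Dict[str, int], level: int) -> Dict[str, int]:
    """Raise to a level: never loosen a knob the admin already tightened."""
    preset = SECURELEVEL_PRESETS[level]
    return {k: _stricter(k, knobs[k], preset[k]) for k in preset}


def classify_exact(knobs: Dict[str, int]) -> Optional[int]:
    """Exact inverse mapping; None once individual knobs have been mixed."""
    for level, preset in SECURELEVEL_PRESETS.items():
        if preset == knobs:
            return level
    return None


def securelevel_floor(knobs: Dict[str, int]) -> int:
    """Highest level whose every requirement the current knobs satisfy."""
    floor = min(SECURELEVEL_PRESETS)
    for level in sorted(SECURELEVEL_PRESETS):
        preset = SECURELEVEL_PRESETS[level]
        if all(_at_least_as_strict(k, knobs[k], v) for k, v in preset.items()):
            floor = level
    return floor


def deviations(knobs: Dict[str, int], level: int) -> Dict[str, Tuple[int, int]]:
    """Knobs that differ from a level's preset, as name -> (actual, preset)."""
    preset = SECURELEVEL_PRESETS[level]
    return {k: (knobs[k], preset[k]) for k in preset if knobs[k] != preset[k]}


def audit(knobs: Dict[str, int]) -> str:
    """One-line summary an audit script could log for a knob set."""
    exact = classify_exact(knobs)
    if exact is not None:
        return f"securelevel {exact} (exact preset)"
    floor = securelevel_floor(knobs)
    devs = sorted(deviations(knobs, floor))
    return f"mixed: at least securelevel {floor}, deviating knobs {devs}"


if __name__ == "__main__":
    # Admin tightened one knob on top of level 1: no exact level any more.
    mixed = expand_securelevel(1)
    mixed["clock_backward"] = 0
    print(audit(mixed))
    # Admin loosened one knob under level 2: the floor drops to 0.
    loosened = expand_securelevel(2)
    loosened["kmem_rw"] = 1
    print(audit(loosened))
```

The second case in the `__main__` block is the practical point for a defender: a single loosened knob makes the system satisfy no preset above level 0, so a monitoring check that only reads the securelevel number would miss it, whereas comparing the full knob set against the expanded preset reports exactly which knob drifted.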