Subject: Re: The reason for securelevel
To: Travis H. <solinym@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 01/29/2006 11:32:04
Travis H. wrote:

> An open mind is a terrible thing to waste.

so is time.

> Personally, I do security for a living

are you a white-hat hacker? :)

[...]
> IMHO, leaving a complicated exploitation route is better than leaving
[...]

some of the work that is done in that area:

  - expect gcc 4.1 soon (?) with built-in ssp;
  - there's already a port of some of PaX's features to netbsd (see
    other month archives..);
  - this very thread is about redesigning securelevel in a finer
    grained way;
  - there is a lot of work in progress in having netbsd use kernel
    authorization;

can you see where all these lead to?

some are for creating secure infrastructure to build on. some are
proven exploit mitigation techniques. the goal? focus on having the
implementation be able to do a large variety of things, and changing
the interface to fit the user -- where possible, of course.

...but it's a slow process, and as you're doing security for a living,
i don't need to tell you that we'd rather spend a lot of time in design
than in debugging. :)

of course throughout this thread i've been trying to balance "design"
with not too much of over-engineering.. but...

or was there a different point to your mail that i completely missed? :)

-e

-- 
Elad Efrat