Re: Secmodel_bsd44: default to "defer", not "deny"?

To: Bill Stouder-Studenmund <wrstuden%netbsd.org@localhost>
Subject: Re: Secmodel_bsd44: default to "defer", not "deny"?
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Tue, 26 Feb 2008 00:10:54 +0200

Bill Stouder-Studenmund wrote:

A default answer of "defer" is more-correct that what happens now. Makingthis change strikes me as the right thing to do. It also will serve as agood example for future module-authors.
Also, the fact that root was able to load modules at boot doesn't meanthat root can load modules (and thus kmem is writable) later. :-) Isn'tthat the reason we talked about securelevel and capabilities and theinability to re-enable "capabilities" that we disable towards the end ofboot?


Right.

I'll wait a couple of days and change it.

Thanks,

-e.

References:
- Secmodel_bsd44: default to "defer", not "deny"?
  - From: Elad Efrat
- Re: Secmodel_bsd44: default to "defer", not "deny"?
  - From: Bill Stouder-Studenmund

Prev by Date: Re: Secmodel_bsd44: default to "defer", not "deny"?
Next by Date: Re: MODULAR: Add support for load-time options
Previous by Thread: Re: Secmodel_bsd44: default to "defer", not "deny"?
Next by Thread: Re: Secmodel_bsd44: default to "defer", not "deny"?
Indexes:

Home | Main Index | Thread Index | Old Index