tech-security: Securelevels revisited (was re: verified executable...)

Subject: Securelevels revisited (was re: verified executable...)
To: matthew green <mrg@eterna.com.au>
From: Greywolf <greywolf@starwolf.com>
List: tech-security
Date: 10/29/2002 09:21:42

On Wed, 30 Oct 2002, matthew green wrote:

# indeed.  securelevel > 2 has never been defined before?
#
#    >   Q: So, how do you stop the list being updated later?
#    >   A: by using securelevel - the fingerprints can only be loaded at
#    >      securelevel == 0.  The full effect of the verified exec is in
#    >      effect at securelevel > 2 (i.e. 3 onwards), at this point warnings
#    >      about invalid/missing fingerprints become fatal errors, before this
#    >      they were merely warnings.
#    >
#    >i assume that is "securelevel <= 0" ?
#
#    prolly, but the "securelevel > 2" bit gives me pause.  why not just
#    "securelevel > 1"?

I have a question; has any further discussion been going on about making
SECURELEVEL a bit mask rather than a linear value, or has this been dis-
missed as being so useless as to demerit further discussion?

				--*greywolf;
--
NetBSD: Twice the Bits-Clean of other Leading OSes.