Subject: Re: verified executable kernel modification committed
To: Brett Lymn <>
From: grant beattie <>
List: tech-security
Date: 10/30/2002 12:03:04
On Wed, Oct 30, 2002 at 01:10:11AM +1030, Brett Lymn wrote:

> Q: So, how do you stop the list being updated later?
> A: by using securelevel - the fingerprints can only be loaded at
>    securelevel == 0.  The full effect of the verified exec is in
>    effect at securelevel > 2 (i.e. 3 onwards), at this point warnings
>    about invalid/missing fingerprints become fatal errors, before this
>    they were merely warnings.

Are there alternative ways (already existing or not) to activate it? The
securelevel scheme prevents it from being used effectively when options
INSECURE is used. :(