Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes
To: Martin Husemann <>
From: Elad Efrat <>
List: tech-security
Date: 01/26/2006 12:54:05
Martin Husemann wrote:
> To be consistent, I think we also should have a sysctl knob that (dis-)allows
> root to ptrace(PT_ATTACH, ...) to suid processes, and forbid changing this
> setting at securelevel >= 1.

Here's an idea I was discussing with a friend the other day...

Because securelevels start to have too many affects, we could have the
knobs separated, and continue to use kern.securelevel as a macro.

So an admin can either go and set kern.securelevel and have consistent
behavior (as it is today), or go and turn on the knobs he's interested;
having a bit of securelevel 2, 1, and -1.

The knobs could all be raise-only (just like kern.securelevel itself).

How's that sound?


Elad Efrat